Privacy Policy

We are very pleased about your interest in our company. Data protection has a particularly high priority for Hotel Bachschmied KG.
The use of the websites of Hotel Bachschmied KG is generally possible without any indication of personal data. However, if a data subject wishes to use special services of our company through our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, for example the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in compliance with the applicable national data protection regulations for Hotel Bachschmied KG.

Through this privacy policy, our company aims to inform the public about the nature, scope and purpose of the personal data collected, used and processed by us. Furthermore, affected persons are informed about their rights through this privacy policy.

Hotel Bachschmied KG has implemented numerous technical and organizational measures as the data controller to ensure a largely complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions may generally have security gaps, so that an absolute protection cannot be guaranteed. For this reason, it is up to each data subject to transmit personal data to us by alternative means, for example by telephone.

The privacy policy of Hotel Bachschmied KG is based on the terminology used by the European legislative and regulatory bodies in the enactment of the General Data Protection Regulation (GDPR). Our privacy policy aims to be easily readable and understandable for both the public and our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this privacy policy, we use the following terms, among others:

a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) processing
Processing is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) profiling
Profiling is any type of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning the performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person.

f) pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data are not attributed to an identified or identifiable natural person.

g) controller or data controller
Controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or controllers may be designated under Union law or the law of the Member States specific criteria for their designation.

h) processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) recipient
Recipient is a natural or legal person, public authority, agency or another body to which personal data are disclosed, whether a third party or not. Authorities that may receive personal data in the course of a specific inquiry under Union law or the law of the Member States are not considered recipients.

j) third party
Third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

k) consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes, by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to them.

The controller within the meaning of the General Data Protection Regulation, as well as other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is the:

Hotel Bachschmied KG
Hintermoos 1
5761 Maria Alm
Österreich
Phone: +43 6584 75 77
Email: info@bachschmied.at
Website: www.bachschmied.at

The websites of Hotel Bachschmied KG use cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.
Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the affected person from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified by its unique cookie ID.
By using cookies, Hotel Bachschmied KG can provide users of this website with more user-friendly services that would not be possible without setting cookies.
Through a cookie, the information and offerings on our website can be optimized in accordance with the user's needs. Cookies enable us, as mentioned earlier, to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, a user of a website that uses cookies does not have to enter their access data again on each visit to the website because this is taken over by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart through a cookie.

The affected person can prevent the placement of cookies by our website at any time by means of a corresponding setting in the internet browser used and thereby permanently object to the placement of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the affected person disables the placement of cookies in the internet browser used, not all functions of our website may be fully usable.

This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow for an analysis of your use of the website. The information generated by the cookie regarding your use of this website is usually transmitted to a server of Google in the USA and stored there. In the event that IP anonymization is activated on this website, your IP address will, however, be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a server of Google in the USA and there truncated. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide further services associated with website and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the features of this website in full. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
You can prevent the collection of your user data by Google Analytics only on this website by clicking on the following link. An opt-out cookie will be set that prevents the collection of your data on future visits to this website: Disable Google Analytics.
If you delete the cookies in this browser, you have to set the opt-out cookie again.
Further information on Google Analytics terms and data protection can also be found at https://www.google.com/analytics/terms/en.html.

The website of Hotel Bachschmied KG collects a variety of general data and information with each visit to the website by an affected person or an automated system. This general data and information is stored in the server's log files. The following can be collected: (1) types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the so-called referrer), (4) the subpages that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to provide evidence in the event of attacks on our IT systems.

When using this general data and information, Hotel Bachschmied KG does not draw conclusions about the affected person. This information is rather needed to (1) correctly deliver the contents of our website, (2) optimize the contents of our website as well as the advertising for it, (3) ensure the permanent functionality of our IT systems and the technology of our website, and (4) provide prosecuting authorities with the necessary information for prosecution in the event of a cyber attack. The anonymized data and information collected are therefore evaluated by Hotel Bachschmied KG for statistical purposes and further with the aim of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data processed by us. The anonymous data from server log files are stored separately from all personal data provided by an affected person.

The website of Hotel Bachschmied KG contains information due to legal regulations that allow for quick electronic contact with our company as well as direct communication with us, which also includes a general address for electronic mail (email address). If an affected person contacts the data controller via email or through a contact form, the personal data transmitted by the affected person is automatically stored. Such personal data communicated voluntarily by an affected person to the data controller will be stored for the purposes of processing or contacting the affected person. There is no transfer of this personal data to third parties.

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or as required by the European directive and regulation or another legislator in laws or regulations to which the controller is subject.
If the purpose of storage ceases to apply or if a storage period specified by the European directive and regulation or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal regulations.

a) Right to confirmation
Every affected person has the right granted by the European directive and regulation issuer to demand from the controller responsible for processing confirmation as to whether personal data concerning them is being processed. If an affected person wishes to exercise this right to confirmation, they may contact our data protection officer at any time.

b) Right to information
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer to obtain from the responsible controller, at any time and free of charge, information about the personal data stored concerning them and a copy of this information. Furthermore, the European directive and regulation issuer has granted the affected person information about the following:

• the purposes of processing
• the categories of personal data being processed
• the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, particularly in the case of recipients in third countries or international organizations
• where possible, the intended duration for which the personal data will be stored, or, if not possible, the criteria for determining that duration
• the existence of the right to rectification or deletion of the personal data concerning them or to the restriction of processing by the controller or to the right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data are not collected from the data subject: All available information about the source of the data
• the existence of automated decision-making, including profiling, according to Article 22(1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved, as well as the significance and the anticipated implications of such processing for the data subject

Furthermore, the affected person has a right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, the affected person also has the right to obtain information about the suitable guarantees in connection with the transmission. If an affected person wishes to exercise this right to information, they may contact our data protection officer at any time.

c) Right to rectification
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer to demand the immediate rectification of inaccurate personal data concerning them. Furthermore, the affected person has the right, taking into account the purposes of the processing, to demand the completion of incomplete personal data - also by means of a supplementary statement. If an affected person wishes to exercise this right to rectification, they may contact our data protection officer at any time.

d) Right to deletion (right to be forgotten)
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer to demand from the controller the immediate deletion of personal data concerning them, provided one of the following reasons applies and as long as the processing is not necessary:

• The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
• The affected person withdraws the consent on which the processing is based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for processing.
• The affected person objects to the processing according to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the affected person objects to the processing according to Article 21(2) GDPR.
• The personal data have been unlawfully processed.
• The deletion of personal data is necessary for complying with a legal obligation under Union law or the law of the member states to which the controller is subject.
• The personal data have been collected in relation to the offered services of the information society according to Article 8(1) GDPR.

If one of the above reasons applies and an affected person wishes to initiate the deletion of personal data stored at Hotel Bachschmied KG, they may contact our data protection officer at any time. The data protection officer of Hotel Bachschmied KG or another employee will ensure that the deletion request is promptly complied with.
If the personal data have been made public by Hotel Bachschmied KG and our company is obliged to delete the personal data as controller according to Article 17(1) GDPR, Hotel Bachschmied KG will take into account the available technology and the implementation costs appropriate measures, including technical measures, to inform other controllers that process the published personal data that the affected person has requested erasure of all links to these personal data or of copies or replications of these personal data, as long as the processing is not necessary. The data protection officer of Hotel Bachschmied KG or another employee will arrange the necessary steps on a case-by-case basis.

e) Right to restriction of processing
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer to demand the restriction of processing from the controller if one of the following conditions is met:

• The accuracy of the personal data is contested by the affected person, for a duration that enables the controller to verify the accuracy of the personal data.
• The processing is unlawful, the affected person opposes the deletion of the personal data and instead requests the restriction of the use of the personal data.
• The controller no longer needs the personal data for the purposes of processing, but the affected person needs them for the assertion, exercise, or defense of legal claims.
• The affected person has lodged an objection to the processing according to Article 21(1) GDPR, and it is not yet clear whether the legitimate grounds of the controller override those of the affected person.

If one of the above conditions is met, and an affected person wishes to request the restriction of personal data stored at Hotel Bachschmied KG, they may contact our data protection officer at any time. The data protection officer of Hotel Bachschmied KG or another employee will initiate the restriction of processing.

f) Right to data portability
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another controller without hindrance by the controller to whom the personal data have been provided, provided that the processing is based on the consent according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract according to Article 6(1)(b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, the affected person, when exercising their right to data portability according to Article 20(1) GDPR, has the right to request that the personal data be transmitted directly from one controller to another, where technically feasible and provided this does not adversely affect the rights and freedoms of others.
To exercise the right to data portability, the affected person may contact the data protection officer appointed by Hotel Bachschmied KG or another employee at any time.

g) Right to object
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, which is carried out based on Article 6(1)(e) or (f) GDPR. This applies also to profiling based on these provisions.
Hotel Bachschmied KG will not process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the affected person, or the processing is for the establishment, exercise, or defense of legal claims.
If Hotel Bachschmied KG processes personal data for direct marketing purposes, the affected person has the right to object at any time to the processing of personal data for such marketing purposes. This applies also to profiling, to the extent that it is related to such direct marketing. If the affected person objects to Hotel Bachschmied KG regarding the processing for direct marketing purposes, Hotel Bachschmied KG will no longer process the personal data for this purpose.
Moreover, the affected person has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them that is carried out by Hotel Bachschmied KG for scientific or historical research purposes or for statistical purposes according to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
For exercising the right to object, the affected person may contact the data protection officer of Hotel Bachschmied KG or another employee directly. Furthermore, the affected person is free, in connection with the use of information society services, to exercise their right to object through automated means, which use technical specifications, notwithstanding Directive 2002/58/EC.

h) Automated individual decision-making, including profiling
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer not to be subject to a decision, which is based solely on automated processing - including profiling - that produces legal effects concerning them or significantly affects them in a similar manner, unless the decision (1) is necessary for the conclusion or performance of a contract between the affected person and the controller, or (2) is admissible based on legislation of the Union or the member states to which the controller is subject and such legislation provides for appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the affected person, or (3) is based on the explicit consent of the affected person.
If the decision (1) is necessary for the conclusion or performance of a contract between the affected person and the controller or (2) it is made with the explicit consent of the affected person, Hotel Bachschmied KG will take appropriate measures to safeguard the rights and freedoms at least the right to obtain intervention from the controller, to express their point of view, and to contest the decision.
If the affected person wishes to assert rights concerning automated decisions, they may contact our data protection officer at any time.

i) Right to withdraw consent to data protection
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer to withdraw their consent to the processing of personal data at any time.
If the affected person wishes to exercise their right to withdraw consent, they may contact our data protection officer at any time.

The party responsible for processing collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically. This is particularly the case when an applicant transmits corresponding application documents electronically, for example via email or through a web form located on the website, to the party responsible for processing. If the party responsible for processing concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in accordance with the legal provisions. If no employment contract is concluded between the party responsible for processing and the applicant, the application documents will be automatically deleted two months after the notification of the rejection decision, unless there are other legitimate interests of the party responsible for processing that oppose deletion. Other legitimate interest in this regard could be, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).

Art. 6 I lit. a DS-GVO serves as the legal basis for processing operations in our company where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to processing operations that are necessary for carrying out pre-contractual measures, such as in cases of inquiries regarding our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our premises and, as a result, their name, age, health insurance information, or other vital information had to be disclosed to a doctor, a hospital, or other third parties. In that case, the processing would be based on Art. 6 I lit. d DS-GVO. Ultimately, processing operations could be based on Art. 6 I lit. f DS-GVO. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases when processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, provided that the interests, fundamental rights, and fundamental freedoms of the data subject do not outweigh those interests. Such processing operations are particularly permitted to us because they have been specifically mentioned by the European legislator. He held the opinion that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 DS-GVO).

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the execution of our business activities for the benefit of the well-being of all our employees and our stakeholders.

The criterion for the duration of storage of personal data is the respective legal retention period. After the expiration of the period, the corresponding data is routinely deleted, unless they are no longer required for the fulfillment of the contract or the initiation of a contract.

We inform you that the provision of personal data is partially legally required (e.g., tax regulations) or may arise from contractual arrangements (e.g., information about the contracting partner). In some cases, it may be necessary for a data subject to provide us with personal data in order to conclude a contract, which must then be processed by us. The data subject is, for example, obliged to provide us with personal data when our company enters into a contract with them. A failure to provide the personal data would mean that the contract with the affected person could not be concluded. Before a data subject provides personal data, they must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and what consequences non-provision of the personal data would have.

As a responsible company, we refrain from automated decision-making or profiling.

Austrian Data Protection Authority
Wickenburggasse 8
1080 Vienna
Austria
dsb@dsb.gv.at


This privacy policy was generated by the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, acting as External Data Protection Officer Freising, in cooperation with the lawyer for data protection law Christian Solmecke.