Thank you for your interest in our website. As controller, Schloss Hernstein Hotelbetriebsgesellschaft mbH (“we”) attaches great importance to compliance with all legal provisions of applicable data protection laws, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act (TKG).
According to the GDPR, personal data means any “information relating to an identified or identifiable natural person”. This includes, for example, information such as name, postal address, email address or phone number; if applicable, also usage data such as IP addresses.
Nature and purpose of the data processing
We need personal details of data subjects in order to provide our services. This applies above all to the answering of individual enquiries, sending out newsletters or processing contracts concluded with us.
We may collect the following data:
- First name and last name
- Company name
- Postal address
- Date of birth
- Contact details (phone number, email address)
- Bank details, credit card details
- Date and time of visit to our website
- IP address of visitors to our website
- Technical information such as name and version of the web browser used by visitors to our website, internet provider, device and screen resolution
- Source (URL) of the visit
- Visitor behaviour on our website
- The approximate location of visitors to our website (country and city)
The collected data will be processed for the following purposes:
- Performing or processing services and/or contracts
- Performing and processing events
- Implementing disaster prevention measures
- To provide, further improve and develop our website
- To identify, investigate and prevent attacks on our website.
The collected data are processed on the basis of the following legal framework:
- To fulfil contractual obligations (Art. 6(1) (b) GDPR)
- On the basis of explicit consent of the data subject (Article 6(1) (a) GDPR)
- On the basis of our legitimate interest (Art. 6(1) (f) GDPR), which consists of making our website user friendly and protecting it particularly against attacks, and performing requested services.
Where necessary for the purposes mentioned above, we will transmit data to the following recipients:
- Vienna Economic Chamber
- WKO Inhouse GmbH
- External IT service providers (Siteminder, Quandoo, Opera Cloud)
Apart from the recipients mentioned, the transfer of personal data to third parties will not take place without the explicit consent of the data subject. The transfer of data to government institutions and/or authorities shall take place only within the scope of the legal duty of disclosure or when disclosure is ordered by a court of law.
Duration of data processing and data retention
In accordance with the principles of purposeful data processing and data minimisation, we process and retain personal data only for as long as statutory retention obligations exist and/or the retention is necessary for fulfilling the purposes listed above, and beyond that for as long as guarantee, warranty or statutory limitation periods have not yet expired.
We take data protection and the associated data security very seriously. Digital security systems and other technical and organisational measures are used to protect collected personal data against damage, destruction and/or unauthorised access. In addition, our employees and the service providers appointed by us are bound to secrecy and must comply with applicable data protection laws and regulations.
Data subject rights in connection with personal data
In principle, data subjects have the rights to information, correction, erasure, restriction, data portability and objection. To assert any of these rights data subjects can get in touch with us (see contact details below).
Data subjects have the right to complain to the supervisory authority if they believe that the processing of their personal data violates applicable data protection laws, or their data protection rights have otherwise been violated or breached in any way. Responsible for this in Austria is the Austrian Data Protection Authority (data-protection-authority.gv.at).
If you have any questions or concerns regarding the processing of your personal data, please contact us: