Data protection notice pursuant to EU Regulation No. 679/2016
The purpose of this notice is to provide information on the methods, scope and purposes of the processing of personal data by Hotel Tyrol, in compliance with EU Regulation no. 679/2016 (hereinafter GDPR).
Data Controller:
The Data Controller is Hotel Tyrol, with registered offices in Bressanone/St. Andrä in the person of their legal representative Hansjörg Stockner, contact details: Hotel Tyrol – Familie Stockner – Vinzenz-Goller-Weg 29 – I-39040 Brixen/St. Andrä.
The Data Protection Officer, Hansjörg Stockner, may be contacted either by registered letter or e-mail at the following addresses: Hotel Tyrol – Familie Stockner – Vinzenz-Goller-Weg 29 – I-39040 Brixen/St. Andrä or info@hotel-tyrol.org.
Data Subjects and type of personal data processed:
Hotel Tyrol processes the personal data of customers, suppliers and persons who voluntarily provide their data personally (whether by telephone, fax or e-mail) and/or by registering on our website, as well as persons whose data have been shared by third parties, for example in public registers and directories, etc. In the case of third parties, processing is limited to basic personal data.
Purpose of data processing:
Personal data are processed exclusively for the following purposes:
1. fulfilment of legal obligations, including tax and accounting requirements
2. execution of a contract
3. activities related to the company’s business, like internal statistics, invoicing and accounting
4. quotations
5. sending newsletters
6. internal statistics
Lawful bases for data processing:
Data are processed in compliance with the applicable law and based on the following grounds, in accordance with Art. 6 and 7 of the GDPR:
– contract execution, i.e. providing the services required, fulfilling contractual requirements, answering enquiries
– compliance with legal obligations
– pursuing the Company’s legitimate interests
– consent provided by the Data Subject
Methods of data processing:
Data may be processed with or without the aid of electronic or automated means. Data processing activities may include the collection, storage, organisation, filing, consultation, processing in the strict sense of the term, and modification, selection, extraction, comparison, use, linking, blocking, transmission and deletion of data.
Data processing is carried out by the Data Controller as well as by Data Processors and third parties who may have been entrusted by the Data Controller with processing data for the purposes outlined in paragraph 3 or in cases where this is required by law. The Data Controller guarantees that any Processors and third parties that have been granted access to the personal data also process them in accordance with the GDPR.
If necessary for the activities and purposes outlined in paragraph 3, the data will be shared with domestic and/or foreign natural and/or legal persons. With the exception of these cases, personal data are not disseminated.
Data are processed using the following methods:
User account
On registration, personal data are collected and processed to create a user account. During registration and login to the user’s account, their IP address and access times are tracked.
These data will be deleted as soon as the user’s account is deleted, except in cases where storage is required for tax or accounting purposes.
Contact
When the user contacts the Company via a contact form, e-mail or social media, their personal data are processed to reply to enquiries or provide the services they require. In these cases, the data collected may be stored in a customer relationship management system or similar systems.
Enquiries are deleted as soon as no longer necessary, unless the relevant data are required for compliance with legal obligations.
Google Tag Manager
This website uses Google Tag Manager, a tag management interface that enables Google marketing services to be integrated into our online offer. The Tag Manager itself does not process any personal data; for further information please refer to the Google Tag Manager use policy: https://www.google.com/analytics/tag-manager/use-policy/
Google Analytics
This website uses analytics tools provided by Google Inc. for marketing and optimisation purposes. Google Analytics uses cookies, which are text files saved on the user’s computer that help us analyse how our website is being used. Data are collected, transferred to a Google server in the USA and stored there in anonymous form. The IP address transmitted by the Data Subject’s browser within the scope of Google Analytics will not be associated with other Google data. In addition, the “anonymizeIP” function is integrated into the code, which guarantees that the IP address is masked; all data are therefore collected anonymously. Only in exceptional cases may the full IP address be transmitted to a Google server in the USA and shortened there for anonymisation. The data collected are not used to personally identify the visitor to this website; the user remains anonymous and no data are shared with third parties. Google uses this information to create various reports on website activity on behalf of the website administrator.
In this respect, Data Subjects have the right to withdraw their consent at any time by installing the opt-out browser add-on, available at: https://tools.google.com/dlpage/gaoptout?hl=en.
Google Adwords and Conversion measurement
Services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA are incorporated into this website, including Google Adwords, an online marketing tool. Google is certified under the Privacy Shield Agreement and guarantees compliance with European data protection laws. Google Adwords is used to place ads on the Google Advertising Network to be displayed to users who are likely to be interested. This allows for more targeted advertising of the contents of and within this website, with users being presented only with ads that potentially correspond to their interests. On websites belonging to the Google Advertising Network, Google directly executes a code that integrates so-called marketing tags into the website, downloading an individual cookie on the user’s device. The cookie tracks which websites the user visits, which contents he/she is interested in, as well as technical information about the browser, operating system and time of visit to the website. Google also uses conversion cookies to generate statistics that count the total number of users who have viewed the ad. However, users themselves are not personally identifiable, as Google only processes cookie-related data within anonymous user profiles unless a user expressly consents to Google processing their data without anonymisation. For further information, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads).
Twitter
We have integrated a Twitter widget into our customer management system so that the tweets from our account are displayed directly on our website. Through this connection, log data are transmitted to Twitter and a cookie is set on the user’s computer. After a maximum of ten days, Twitter will begin deleting, anonymising or aggregating the collected data. For more information, please refer to the Twitter Privacy Policy (https://twitter.com/en/privacy)
Facebook
This website integrates plug-ins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. The plug-ins are recognisable by the Facebook logo or “Like” button and establish a direct connection between the user’s browser and the Facebook server. Facebook receives the information that the user has visited this website and makes it possible to link the contents of the website to the user’s Facebook profile through the “Like” button. For more information, please refer to the Facebook Privacy Policy (https://www.facebook.com/legal/FB_Work_Privacy)
Instagram
This website uses social plug-ins provided by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA. Recognisable by the Instagram logo, the plug-ins establish a direct connection between the user’s browser and the Instagram server located in the United States, so that Instagram receives information that the user has visited the relevant page. If the user is logged into the social network, Instagram can directly associate the data with the respective account. For further information, please refer to the Instagram data policy
(https://help.instagram.com/519522125107875?helpref=page_content)
Presence on social media
Hotel Tyrol maintains an online presence within various social networks and platforms to communicate with customers, users and anyone interested and inform them about its services. In this context, the data protection policies of each respective social network apply.
Transfer of data for domain registration
Domain registration requires that personal data be transmitted to the relevant national or international registrars. In this respect, we only transmit the minimum amount of data required. Users may view and consult the data provided to the registrars if they so wish. The registries prohibit the use of personal data for commercial or abusive purposes.
Transfer of data to certification purposes
Personal data are transferred to the competent authority for the issuance of an SSL certificate. In this respect, we only transmit the minimum amount of data required. The Data Subject consents to his/her data being automatically transferred to the authority for the purposes of certification.
Business analyses and market research
This website carries out analysis and profiling activities using personal data to identify current market trends and meet the wishes of users and clients. The data processed for these purposes include contact details, contract and invoicing data, payment data and usage data, as well as metadata of contractual partners, interested parties, customers and visitors to our website. Analysis of these data serves to increase user-friendliness, optimise our offer and increase efficiency; the data collected will not be disclosed to third parties.
Cookies
When you visit this website, session cookies are generated that are only stored for the duration of your visit. These cookies are not shared across domains nor used to track user behaviour.
Provision of personal data and refusal
The provision of personal data is optional but strictly necessary for the purposes listed in paragraph 3; failing to provide the data requested will result in the impossibility to perform the said activities.
Storage of personal data
Unless expressly stated otherwise in this notice, processed data will be deleted as soon as they are no longer required for the purposes outlined in paragraph 3, provided that storage is not or no longer required by law. As a general rule, personal data will not be kept for longer than two years.
If deletion is not possible for legal reasons, data processing will be restricted, i.e. the data will be blocked and not used for any other purposes.
Rights of Data Subjects:
Pursuant to the GDPR, Data Subjects have the following rights:
1. The right to access their personal data that the Data Controller stores about them, to demand the erasure or rectification of data and the restriction of processing as well as the right to object to processing;
2. The right to data portability, i.e. to receive their own data from the Data Controller in a structured and comprehensible format, and to request the transmission of data to another Controller;
3. The right to revoke their consent to the processing of data at any time provided that the lawful basis of the processing is the Data Subject’s consent, without prejudice to the legitimacy of data processing carried out on the basis of consent until the time of revocation;
4. The right to file a complaint with the competent Supervisory Authority.
To exercise these rights, Data Subjects may send a request by certified e-mail to the following e-mail address info@hotel-tyrol.org or by registered letter with acknowledgement of receipt to: Hotel Tyrol – Familie Stockner – Vinzenz-Goller-Weg 29 – I-39040 Brixen/St. Andrä.