Privacy Policy

I. NAME AND ADDRESS OF THE CONTROLLER

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:

Schiehser Hotelbetriebs GmbH
Pelzgasse 1
1150 Vienna, Austria

Managing Director: Alexander Schiehser

II. GENERAL INFORMATION ON DATA PROCESSING

Scope of the Processing of Personal Data

As a rule, we collect and use our users’ personal data only to the extent necessary to provide a functional website and our content and services. The collection and use of our users’ personal data generally takes place only with the user's consent. An exception applies in cases where obtaining prior consent is not feasible for practical reasons and where the processing of the data is permitted by law.

Legal Basis for the Processing of Personal Data

Where we obtain the data subject’s consent for processing personal data, Article 6(1)(a) GDPR serves as the legal basis.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures.

Where processing is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

Where processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.

Where processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and such interests are not overridden by the interests, fundamental rights, and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis.

Data Deletion and Storage Period

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject.

Data will also be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless there is a necessity to continue storing the data for the conclusion or performance of a contract.

III. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's internet service provider
  • The user's IP address
  • Date and time of access
  • Websites from which the user's system accessed our website
  • Websites accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data helps us optimize the website and ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR.

4. Duration of Storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

Where data is collected for the provision of the website, this is the case when the respective session has ended.

Where data is stored in log files, this occurs no later than seven days after collection. Storage beyond this period is possible. In such cases, users' IP addresses are deleted or anonymized so that assignment to the accessing client is no longer possible.

5. Right to Object and Removal Option

The collection of data for the provision of the website and the storage of data in log files are essential for the operation of the website. Consequently, users have no option to object.

IV. USE OF COOKIES

a) Description and Scope of Data Processing

Our website uses cookies. Cookies are text files stored in the user's internet browser or by the internet browser on the user's computer system.

When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a unique character string that enables the browser to be identified when the website is revisited.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

The following data may be stored and transmitted in cookies:

  • Language settings
  • Items in a shopping cart
  • Login information

In addition, we use cookies that enable analysis of users' browsing behavior.

The following data may be transmitted:

  • Search terms entered
  • Frequency of page views
  • Use of website functions

The data collected in this way is pseudonymized through technical measures. It is therefore no longer possible to assign the data to the individual user. The data is not stored together with other personal data.

When accessing our website, users are informed via an information banner about the use of cookies for analytical purposes and are referred to this Privacy Policy. Information is also provided on how cookies can be disabled in browser settings.

b) Legal Basis for Data Processing

The legal basis for processing personal data using cookies is Article 6(1)(f) GDPR.

c) Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users.

Certain functions of our website cannot be provided without the use of cookies. For these functions, it is necessary that the browser is recognized even after changing pages.

d) Duration of Storage, Right to Object and Removal Option

Cookies are stored on the user's device and transmitted from there to our website. Therefore, users have full control over the use of cookies.

By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

The transmission of Flash cookies cannot be prevented via browser settings, but can be disabled by changing the settings of the Flash Player.

V. CONTACT FORM AND EMAIL CONTACT

1. Description and Scope of Data Processing

A contact form is available on our website which can be used for electronic communication with us. If a user makes use of this option, the data entered into the form will be transmitted to us and stored.

At the time the message is sent, the following data is also stored:

  • The user's IP address
  • Date and time of registration/submission

During the submission process, your consent is obtained for the processing of the data and reference is made to this Privacy Policy.

Alternatively, it is possible to contact us via the email address provided on the website. In this case, the user's personal data transmitted with the email will be stored.

The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

2. Legal Basis for Data Processing

Where the user has given consent, the legal basis for processing the data is Article 6(1)(a) GDPR.

The legal basis for processing data transmitted in the course of sending an email is Article 6(1)(f) GDPR.

If the email contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

3. Purpose of Data Processing

The processing of personal data from the contact form is used solely for handling the contact request.

In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The additional personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

For personal data entered in the contact form and data sent by email, this is the case when the respective conversation with the user has ended.

A conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

Additional personal data collected during the submission process will be deleted no later than seven days after collection.

5. Right to Object and Withdrawal of Consent

Users may revoke their consent to the processing of personal data at any time.

If a user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

Withdrawal may be exercised by sending an email to the contact address provided by the controller.

In this case, all personal data stored in the course of the contact process will be deleted.

VI. HOSTING VIA WEBFLOW

This website is hosted by Webflow Inc., located at 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA ("Webflow").

When you visit our website, Webflow collects various log files, including your IP address(es).

Webflow is a tool used to create and host websites. Webflow stores cookies and uses other technologies that are necessary for displaying the website, providing certain website functions, and ensuring security (necessary cookies).

The use of such necessary cookies is based on Article 6(1)(f) GDPR. Schiehser Hotels has a legitimate interest in ensuring that its website is presented as reliably as possible.

The use of other Webflow features and the setting of non-essential cookies (such as analytics or advertising cookies) only takes place with your consent. Processing is therefore based exclusively on Article 6(1)(a) GDPR and, where applicable, Section 165(2) Austrian Telecommunications Act 2021 (TKG 2021).

Consent may be withdrawn at any time with future effect. Please note that such withdrawal may result in certain website functions becoming unavailable and/or certain services no longer being provided.

Further information can be found in Webflow's Privacy Policy.

If your personal data is transferred to Webflow servers located in the United States, this transfer is based on the European Commission's Standard Contractual Clauses (SCCs), which have been concluded with Webflow.

Through these SCCs, Webflow has committed to maintaining a level of data protection comparable to that required within the European Union.

We have concluded a Data Processing Agreement (DPA) with the provider mentioned above. This agreement ensures that Webflow processes personal data of our website visitors only according to our instructions and in compliance with the GDPR.

VII. WEB ANALYTICS USING GOOGLE ANALYTICS AND FACEBOOK SOCIAL PLUG-INS

1. Scope of Processing of Personal Data

This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The service is used in Universal Analytics mode, which makes it possible to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and analyze user activity across devices.

Google Analytics uses cookies, which are text files stored on your computer and which enable analysis of your use of the website.

The information generated by the cookie regarding your use of this website is generally transmitted to and stored on a Google server in the United States.

If IP anonymization is activated on this website, your IP address will first be shortened by Google within Member States of the European Union or other states party to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

On behalf of the operator of this website, Google will use this information to:

  • Evaluate your use of the website
  • Compile reports on website activity
  • Provide additional services related to website usage and internet usage

These purposes also constitute our legitimate interest in data processing.

The legal basis for the use of Google Analytics is Article 6(1)(f) GDPR.

Data linked to cookies, user identifiers (e.g., User ID), or advertising IDs that we send to Google is automatically deleted after 60 months.

Data whose retention period has expired is automatically deleted once per month.

You can prevent the storage of cookies by adjusting your browser settings accordingly. However, please note that doing so may limit the functionality of this website.

You can also prevent Google from collecting and processing data generated by cookies (including your IP address) by downloading and installing the browser add-on provided by Google.

Opt-out cookies prevent future collection of your data when visiting this website.

To prevent tracking across multiple devices, you must perform the opt-out on each device used.

Facebook Social Plug-ins

We use Facebook Social Plug-ins provided by:

  • Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
  • Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94303, USA

These plug-ins are buttons through which Facebook can measure visitor interactions with our website.

If a visitor is simultaneously registered and logged into Facebook, additional information may be collected and stored by Facebook.

For technical reasons, Facebook receives your IP address. We have no influence over Facebook's use of this data.

Please refer to Facebook's Privacy Policy for further information, including details on how to block Facebook Social Plug-ins within your browser.

2. Legal Basis for Data Processing

The legal basis for processing users' personal data is Article 6(1)(f) GDPR.

3. Purpose of Data Processing

The processing of personal data enables us to analyze the browsing behavior of our users.

By evaluating the data collected, we can compile information about the use of individual components of our website.

This helps us continuously improve our website and its user-friendliness.

These purposes also constitute our legitimate interest pursuant to Article 6(1)(f) GDPR.

The anonymization of IP addresses adequately protects users' interests in safeguarding their personal data.

4. Duration of Storage

The data is deleted as soon as it is no longer required for our recording and analysis purposes.

5. Right to Object and Removal Option

Cookies are stored on the user's device and transmitted to our website.

Users therefore have full control over the use of cookies.

By changing browser settings, users may deactivate or restrict cookies.

Stored cookies can be deleted at any time, including automatically.

If cookies are disabled, some website functions may no longer be fully available.

Users can opt out of analytics tracking via the relevant opt-out mechanism provided on the website.

An opt-out cookie will then be stored, informing our system not to save the user's data.

If the user deletes this opt-out cookie, the opt-out process must be repeated.

VIII. RIGHTS OF DATA SUBJECTS

If your personal data is processed, you are considered a data subject under the GDPR and have the following rights:

1. Right of Access

You have the right to obtain confirmation as to whether personal data concerning you is being processed.

Where this is the case, you have the right to access information regarding:

  • The purposes of processing
  • The categories of personal data processed
  • The recipients or categories of recipients
  • The planned storage period or criteria used to determine it
  • The existence of rights to rectification, erasure, restriction, or objection
  • The right to lodge a complaint with a supervisory authority
  • The source of the data where it was not collected directly from you
  • The existence of automated decision-making, including profiling

You also have the right to be informed about safeguards relating to transfers of personal data to third countries or international organizations.

2. Right to Rectification

You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data.

3. Right to Restriction of Processing

You may request restriction of processing under the circumstances provided by Article 18 GDPR.

4. Right to Erasure ("Right to be Forgotten")

You may request the immediate deletion of your personal data where one of the grounds specified in Article 17 GDPR applies.

This right does not apply where processing is necessary:

  • For exercising the right of freedom of expression and information
  • For compliance with a legal obligation
  • For reasons of public interest
  • For archiving, scientific, historical, or statistical purposes
  • For the establishment, exercise, or defense of legal claims

5. Right to Notification

Where you have exercised your right to rectification, erasure, or restriction of processing, the controller must communicate this to all recipients to whom the data has been disclosed, unless this proves impossible or involves disproportionate effort.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.

7. Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to processing based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to such processing.

8. Right to Withdraw Consent

You have the right to withdraw your consent at any time.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

9. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you, except in the circumstances permitted by Article 22 GDPR.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority will inform you of the status and outcome of your complaint, including the possibility of a judicial remedy under Article 78 GDPR.