1. General information on how we process your personal data
Data Controller within the meaning of the GDPR:
Lucian Burghotel Oberlech GmbH & Co KG
6764 Lech am Arlberg
Tel.: +43 5583 22 91
Welcome to our website and thank you for your interest in our hotel. We are serious about protecting your personal data. We strictly comply with the statutory provisions of the EU General Data Protection Regulation and the Austrian Data Protection Act as amended. Below, we would like to give you comprehensive, easy-to-understand information about how we as data controller process your personal data. Our data protection policy is kept up-to-date and thus refers to the current legal situation. That is why we expressly reserve the right to change or adapt it in the future. We therefore recommend that you read the privacy notice on a regular basis to stay informed about how we process your personal data. If you have questions or suggestions, please contact us at the address given below.
Processing and transmission of personal data
The term “processing” encompasses any kind of operation of personal data, e.g. its collection, recording, organization, storage, adaptation, retrieval, disclosure, erasure, etc. up to its final destruction. If you make personal data available to our hotel outside of a contract, we process this data for the purpose that we indicated at the moment of its collection. As a general rule, we will ask for your consent in such a case, e.g. when you subscribe to our newsletter. Transmission of your data will then only be effectuated within the limits of your consent. In certain other cases, processing of your data can be justified by a legal obligation or by our legitimate interests. Whenever possible, we will inform you about such instances in advance. If you enter into a contract with us, e.g. an accommodation agreement, we will process and transmit your personal data only to the extent that is necessary for the performance of the contract. For example, it can be necessary to transmit your data to a mail service provider if you wish to receive your booking documents by postal mail.
Deletion of personal data processed by us
We will delete your personal data as soon as there is no further legal basis to process or store it. To ensure this, we have put in place regular deletion mechanisms. Additionally, you have the right to request erasure of your data at any time (see paragraph below). If there is a legal obligation to store your data (e.g. retention periods prescribed by tax law), we will erase the data concerned upon expiry of the applicable retention period.
Rights of the data subject / Your rights regarding the protection of your personal data
You have a number of rights regarding your personal data processed by us. You may exercise all of them by contacting us via e-mail, phone or postal mail at the address given below, free of charge and without any form requirement. Please note that we might have to verify your identity. Your rights in detail:
- Right of access: You may demand information about your personal data processed by us at any time. If you do so, we will inform you in writing about which categories of personal data we store about you, the purposes of the data processing, the categories of recipients to which it is transmitted, and how long we intend to store it. We will respond to your request without undue delay, within one month at the latest.
- Right to erasure: You may demand the erasure of your personal at any time. We will comply with this request if we no longer need the data for the purpose for which it was collected, if you withdraw a consent previously given consent, if the data processing is illegal or if we must erase your data to comply with a statutory obligation.
- Right to rectification: If we erroneously process incorrect or incomplete data about you, we will obviously rectify it. Please inform us about such an incidence and we will comply with your request as soon as possible.
- Right to restriction of processing: Under certain circumstances, e.g. if your data has previously been processed unlawfully but you do not want it to be erased, we will at your request store, but not further process your personal data.
- Right to data portability: You have the right to receive, in a commonly used and machine-readable format, your personal data that you have previously provided to us based on a contract or on your consent. You can use this copy for your own purposes and forward it to future contracting partners. We will also directly transmit your data to an addressee named by you, provided that you wish this to be done and it is technically feasible. In this case, we will inform you once the transmission has been completed successfully. We will comply with your request without undue delay, within one month at the latest.
- Right to object: Under certain conditions, you are entitled to object to the further processing of your data, e.g. when we process your personal data on the basis of our legitimate interests for the purpose of direct marketing. In this case, we will cease to process your personal data for the purposes concerned.
Right to complain
The EU General Data Protection Regulation and the Austrian Data Protection Act guarantee the aforementioned rights in the area of data privacy. If you believe our company has breached data protection law, you may lodge a complaint with a data protection supervisory authority. In Austria, the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, is competent to handle these complaints. You might also be entitled to claim damages based on other legal provisions.
2. Specific information regarding data processing on our website
Automatic data storage
Any website you visit, including ours, automatically creates and stores certain information. If you visit our website as you now do, our web server (this is the computer on which this website is stored) automatically saves the following data
- The address (URL) of the viewed website
- Your browser and the version of your browser
- The operating system you use
- The address (URL) of the website you visited immediately before (Referrer URL)
- The host name and the IP-address of the device from which you access the website
- Date and time of day
As a general rule, the web server log files will be stored for two weeks and then they will be deleted automatically. We do not transmit this data, but we cannot fully exclude the possibility that it might be illegally accessed.
Collection of personal data on our website / contacting us via e-mail
If you visit our website, we only collect data that does not enable us to directly retrace your identity and we only use this pseudonymized data to understand and improve our website’s performance (concerning web analysis, read more below).
We only collect non-pseudonymized personal data as long as you make it directly available to us, e.g. if you contact us via the e-mail-address that is indicated on our website. This data is only processed to handle your request and we will delete it as soon as the matter you contacted us for is resolved. In this connection, we would like to point out that due to the technical conception of e-mails, their confidentiality during transmission cannot be guaranteed.
Use of our online booking tool
The data that you make available to us via our online booking tool (date of your stay, room category, title, first and last name, company, telephone number, e-mail-address, residential address, credit card number, additional commentary) will be processed to complete your booking, to contact you in this regard and to prepare and organize your stay. By clicking on the “online booking”-button on our website, you will automatically be forwarded to our booking platform which is operated by Seekda GmbH, Neubaugasse 10/15, 1070 Wien. Your data will be collected by Seekda GmbH as our service provider and then be transmitted to us. We have entered into an Data Processing Agreement with Seekda GmbH to ensure full GDPR compliance.
If during the booking process you decide on the conclusion of a travel cancellation insurance policy by clicking on the respective checkbox, we will also transmit your personal data to the insurance company (Europäische Reiseversicherung AG) to the extent necessary for the performance of the insurance contract. Concerning data processing on the basis of the insurance contract, Europäische Reiseversicherung AG is the sole controller of your personal data. Read more here.
Data security / SSL encryption
We take all necessary and adequate technical and organizational measures to protect your personal data from loss or abuse. Your data will be stored in a secure, state-of-the-art operating environment. The access to our site is secured via HTTPS if your browser supports SSL encryption. This means that all communication between your device and the web server will be encrypted and cannot easily be decrypted and read by unauthorized third parties.
Information on cookies and how to delete and deactivate them
Our website uses HTTP cookies to store user-specific data. A cookie is a small data package which is exchanged between your browser and the web server. Its purpose is to support the functioning of web applications, such as our booking platform. There are two kinds of cookies: first-party cookies are created by our website, third-party-cookies are created by other websites (e.g. Google Analytics). Among these two kinds, there are three different categories of cookies: cookies that are indispensable for the proper functioning of the website, functional cookies that secure the website’s performance and target-oriented cookies to improve user experience.
Our hotel uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer (see above), to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA.
Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available here. Please note that on this website, Google Analytics code is supplemented by “gat._anonymizeIp();” to ensure an anonymized collection of IP addresses (so called IP-masking). You can find more information here.
On our website we use Google Maps, a service provided by Google, Inc. (“Google“). By using the map on our website, data may be transmitted to Google. You can read more about the data collected by Google and about the purposes of this collection here: https://www.google.com/intl/de/policies/privacy/.
On our website we use Google Fonts, a service provided by Google, Inc. (“Google”). There is no authentication procedure involved and no cookies will be sent to the Google Fonts API. If you have a Google account, no account data will be sent to Google during the use of Google Fonts. Google only records the use of CSS and the used Fonts and securely stores this data. You can read more here: https://developers.google.com/fonts/faq.
On our website we use YouTube’s video embedding feature (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; „YouTube“). The feature enables us to show YouTube videos via an iFrame on our website. We activated the “extended data protection mode” on all videos embedded on our website which ensures that YouTube does not collect any information about users that do not watch the embedded videos. Please note that once you click on the video, information will be transmitted to and stored by YouTube. You can find more information about the collection and further processing of personal data by YouTube and about your rights and the possibilities to protect your privacy here.
On our website we use the Facebook Pixel service provided by Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, “Facebook”).
The code that is implemented on this site can analyze behavior of website users that have been directed to the website via an advertisement placed on Facebook. This feature also sets cookies. Facebook collects and stores this data and uses it to improve and optimize Facebook advertisements. We cannot access personal data collected by the Pixel feature.
By using the Facebook Pixel, your visit of our website will be registered by Facebook so that visitors will see advertisements that are relevant to them. If you own a Facebook account and are logged in, your visit of our site will be associated with your Facebook account.
Find out more about how Facebook Pixel is used for advertisement campaigns here: https://www.facebook.com/business/learn/facebook-ads-pixel
If you own a facebook account, you can change your settings concerning advertisements here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Social Media Plug-Ins
We do not use any social media plug-ins. The buttons you can see on this site are simply linking to the social media presences of Burghotel Oberlech.
3. Information concerning our Facebook fanpages
Our hotel runs the following Facebook fan pages:
• Burg Hotel: https://www.facebook.com/BurgLech
• Kriegeralpe: https://www.facebook.com/Kriegeralpe
• ArlbergInsider: https://www.facebook.com/ArlbergInsider
We as operators use our Facebook fan pages and the “Page Insights” feature on the basis of our legitimate interests (article 6 (1) lit. f GDPR) to learn more about which groups of people interact with our fan pages. Due to this information, we can continually improve our online appearances and our hotel’s offers. Facebook is in charge of fulfilling most of the data controller’s responsibilities regarding the “Page Insights” feature. Therefore, Facebook provides the respective data processing information, responds to requests concerning data subject’s rights, guarantees user data security and reports data breaches to the competent authority. If you have any questions about how Facebook processes your personal data, please contact Facebook directly or consult Facebook’s data policy.