Privacy policy

The privacy policy of Hotel Jungbrunn GmbH & Co. KG is based on the terminology used by the European legislator when adopting the GDPR. Our privacy policy is intended to be easy to read and understand for the public as well as for our guests and business partners. To ensure this, we explain the terminology used.
Among others, we use the following terms in this privacy policy and on our website:

• Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
• Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
• Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
• Pseudonymization means processing personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures that ensure the personal data is not attributed to an identified or identifiable natural person.
• Controller is the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of Member States, the controller or specific criteria for its nomination may be provided for by Union law or Member State law.
• Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
• Recipient is a natural or legal person, public authority, agency, or another body to which personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union law or Member State law shall not be regarded as recipients.
• Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
• Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is:

Hotel Jungbrunn GmbH & Co. KG
Oberhöfen 25
A-6675 Tannheim
Austria

Phone: +43 (0) 5675 6248
Fax: +43 (0) 5675 6544
Webseite: www.jungbrunn.at
E-Mail: hotel@jungbrunn.at

The data protection officer of the controller is:

Marcel Gutheinz
Oberhöfen 25
6675 Tannheim-Tirol
Österreich

Phone: +43 (0) 5675 6248;
Fax: +43 (0) 5675 6544;
Webseite: www.jungbrunn.at
E-Mail: hotel@jungbrunn.at

Any data subject may contact our Data Protection Officer at any time with questions and suggestions regarding data protection.

The website of Hotel Jungbrunn GmbH & Co. KG collects a series of general data and information with each visit by a data subject or automated system. This general data and information is stored in server log files. The following may be collected:
(1) browser types and versions used,
(2) operating system used by the accessing system,
(3) the website from which an accessing system reaches our website (referrer),
(4) subpages accessed on our website,
(5) date and time of access,
(6) IP address,
(7) internet service provider of the accessing system, and
(8) other similar data and information used for threat prevention in the event of attacks on our IT systems.
When using this general data and information, Hotel Jungbrunn GmbH & Co. OG does not draw conclusions about the data subject. Rather, this information is needed to:
(1) deliver the content of our website correctly,
(2) optimize our website content and advertising,
(3) ensure the long-term functionality of our IT systems and website technology, and
(4) provide law enforcement authorities with the necessary information in the event of a cyberattack.
These anonymized data and information are evaluated statistically and also with the aim of increasing data protection and data security within our company in order to ultimately ensure an optimal level of protection for personal data processed by us. Server log file data is stored separately from any personal data provided by the data subject.

The data subject has the option to register on the website of the controller by providing personal data. Which personal data is transmitted to the controller results from the respective input form used for registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the transfer to one or more processors (e.g., a parcel service provider) who likewise use the personal data exclusively for internal purposes attributable to the controller.
By registering on the controller’s website, the IP address assigned by the data subject’s internet service provider (ISP), the date, and time of registration are also stored. This data is stored because this is the only way to prevent misuse of our services and, if necessary, to enable the investigation of criminal offenses and copyright infringements. In this respect, storing this data is necessary to protect the controller. This data is generally not passed on to third parties unless there is a legal obligation to do so or the disclosure serves criminal prosecution or legal enforcement.
Registration of the data subject, with voluntary disclosure of personal data, serves the purpose of enabling the controller to offer content or services to the data subject that can only be offered to registered users due to the nature of the matter. Registration also serves our own documentation purposes. In addition, we use the data collected via the guest account for customer acquisition, in particular for telephone contact and for sending advertising by post and email.
Registered persons are free to have the personal data provided during registration completely deleted from the controller’s database.
The controller will provide any data subject upon request at any time with information as to what personal data is stored about them. Furthermore, the controller will correct or delete personal data at the request or notice of the data subject, insofar as this does not conflict with statutory retention obligations. The Data Protection Officer named in this privacy policy and all employees of the controller are available as points of contact.

The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or insofar as this is provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or a legally prescribed storage period expires, the personal data will be routinely blocked or erased in accordance with legal requirements.

• Right to Confirmation
  Each data subject has the right granted by the European legislator to obtain confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right, they may contact our Data Protection Officer or another employee of the controller at any time.
• Right of Access
  Each data subject affected by the processing of personal data has the right to obtain from the controller at any time, free of charge, information about their personal data stored and a copy of this information. The European legislator also grants access to the following information:
  – processing purposes
  – categories of personal data processed
  – recipients or categories of recipients to whom personal data has been or will be disclosed, in particular recipients in third countries or international organizations
  – if possible, the planned period for which the personal data will be stored; if not possible, the criteria used to determine that period
  – existence of the right to rectification, erasure, restriction of processing, or to object to processing
  – existence of the right to lodge a complaint with a supervisory authority
  – where the personal data is not collected from the data subject: available information about the source
  – existence of automated decision-making, including profiling under Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences for the data subject
– whether personal data is transferred to a third country or an international organization and, where applicable, information about appropriate safeguards.
  To exercise the right of access, the data subject may contact our Data Protection Officer or another employee at any time.
• Right to Rectification
  Each data subject has the right to request the immediate rectification of inaccurate personal data concerning them. Taking into account the purposes of processing, the data subject also has the right to have incomplete personal data completed—including by means of a supplementary statement.
• Right to Erasure (“Right to be Forgotten”)
  Each data subject has the right to request that the controller erase personal data concerning them without undue delay, provided that one of the reasons under Article 17 GDPR applies and processing is not necessary.
(Your text continues here with the full list of reasons and obligations; I can translate the remainder in the same legal-accurate form.)
• Right to Restriction of Processing
  Each data subject has the right to obtain restriction of processing under the conditions laid down in Article 18 GDPR.
• Right to Data Portability
  Each data subject has the right to receive personal data concerning them in a structured, commonly used, and machine-readable format, and to transmit those data to another controller under the conditions of Article 20 GDPR.
• Right to Object
  Each data subject has the right to object, on grounds relating to their particular situation, at any time to processing based on Article 6(1)(e) or (f) GDPR, including profiling. Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time.
  Automated Individual Decision-Making, Including Profiling
  Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the conditions of Article 22 GDPR apply.
• Right to Withdraw Consent
  Each data subject has the right to withdraw consent to the processing of personal data at any time.
• Right to Lodge a Complaint
  In the event of violations of data protection law by Hotel Jungbrunn GmbH & Co. KG, you have the right under Article 77(1) GDPR to lodge a complaint with the competent supervisory authority.

The controller collects and processes applicants’ personal data for the purpose of handling the application process. Processing may also take place electronically, in particular where an applicant submits application documents electronically, for example by email. If an employment contract is concluded, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded, the application documents are automatically deleted six months after notification of the rejection decision, unless deletion conflicts with other legitimate interests of the controller.

We require name, address, date of birth, contact details, insurance data, where applicable health data, and other information from hotel guests in order to fulfill our contractual and legal obligations under accommodation / package travel / wellness service contracts. Any additional information serves to facilitate work processes or faster communication.
Guest data is stored electronically solely for the purpose of providing the agreed services properly and comprehensively. Data will not be passed to third parties without guests’ consent unless required to provide the services, for example within the scope of processing by a service provider. If you do not wish your data to be stored, please inform us. In that case, data will be deleted in accordance with legal requirements.
Otherwise, guest data will be deleted after the stay has ended, once it is no longer needed for invoicing, and after the statutory retention periods have expired.

We require name, address, contact details, and other information from suppliers/service providers to fulfill contractual and legal obligations. Data is stored electronically solely for the purpose of fulfilling obligations properly. No disclosure to third parties without consent unless necessary to perform the order relationship, for example within the scope of commissioned processing. If storage is not desired, please inform us; deletion will then take place in accordance with legal requirements.

We require name, address, contact details, payment data, and other information from users of our online shop to fulfill contractual and legal obligations and to facilitate future purchases. Storage is electronic and solely for providing agreed services and enabling easier future use of the online shop. No disclosure to third parties without consent unless required for the provision of services (e.g., within the scope of commissioned processing). If storage is not desired, please inform us; deletion will then take place in accordance with legal requirements.

We require name and email address (and possibly other information) from newsletter recipients to ensure proper newsletter delivery. Data is stored electronically solely for this purpose. No disclosure to third parties without consent unless necessary for service provision (e.g., within the scope of commissioned processing). If storage is not desired, please inform us; deletion will then take place in accordance with legal requirements.

We require name, email address, commenter website, and other information from blog commenters to publish comments properly and credibly in connection with the commenter’s identity. Data is stored electronically solely for providing the comment function. No disclosure to third parties without consent unless necessary for service provision (e.g., within the scope of commissioned processing). If storage is not desired, please inform us; deletion will then take place in accordance with legal requirements.

The controller has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics is the collection and analysis of data about the behavior of website visitors and is used primarily for optimizing a website and for cost-benefit analysis of online advertising.
Operating company: Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition “_gat._anonymizeIp” for web analytics via Google Analytics. With this addition, Google shortens and anonymizes the IP address of the data subject’s internet connection when access to our website occurs from a Member State of the European Union or another contracting state to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the collected data, among other things, to evaluate usage of our website, to compile online reports showing activities on our website, and to provide other services related to website usage.
Google Analytics sets a cookie on the data subject’s IT system. With the cookie, Google can analyze use of our website. Each time a page of this website is accessed, the browser on the data subject’s IT system is automatically prompted by the Google Analytics component to transmit data to Google for online analysis. As part of this technical process, Google may receive knowledge of personal data such as the IP address, which, among other things, serves Google to track visitor origins and clicks and to enable commission statements.
The cookie stores personal information such as access time, the location from which access originated, and the frequency of visits. With each visit to our website, this personal data—including the IP address—may be transferred to and stored by Google in the United States. Google may pass this personal data on to third parties.
The data subject may prevent cookies from being set at any time via browser settings and may thus permanently object to cookie setting. Such settings would also prevent Google from setting a cookie. In addition, cookies already set by Google Analytics can be deleted at any time via the browser or other software programs.
The data subject may also object to and prevent the collection of data generated by Google Analytics related to the use of this website and the processing of this data by Google. To do so, the data subject must download and install a browser add-on at:
https://tools.google.com/dlpage/gaoptout.
This add-on informs Google Analytics via JavaScript that no data or information about website visits may be transmitted to Google Analytics. Installation of the add-on is considered an objection by Google. If the IT system is later deleted, formatted, or reinstalled, the add-on must be installed again to disable Google Analytics. If the add-on is uninstalled or disabled, it may be reinstalled or reactivated.
You can prevent Google Analytics from collecting your data by clicking the following link. An opt-out cookie will be set that prevents the collection of your data on future visits to this website: Disable Google Analytics.
Further information and Google’s applicable privacy policies can be found at:
https://www.google.de/intl/de/policies/privacy and
www.google.com/analytics/terms/de.html
Google Analytics is further explained here:
https://www.google.com/intl/de_de/analytics