Privacy Policy

Our processing of our users' personal data is limited to the data required to provide a functional website and our content and services. The processing of our users' personal data only takes place for the purposes listed below and if there is a legal basis (within the meaning of the GDPR). We only collect personal data that is actually required for the performance and processing of our tasks and services or that you have voluntarily provided to us.

We process your data on the basis of the legal provisions in Austria and the EU (GDPR & TKG "Telecommunications Act"). This data protection information provides an overview of the most important aspects of data processing on our website.

A) Data of the responsible party

Responsible within the meaning of the GDPR is: TAUERN SPA WORLD Betriebs-GmbH & Co KG

TAUERN SPA World Betriebs GmbH & Co KG
Tauern Spa Platz 1
5710 Kaprun
Austria

Telephone: +43 6547 2040-0
E-mail:
VAT ID number: ATU64234769

Hereinafter referred to as "we". For further questions on the subject of data protection, please contact datenschutz@tauernspakaprun.com.

The company data protection officer of TAUERN SPA World Betriebs GmbH & Co KG can be contacted at the above address for the attention of Mag. Per-Oliver Gustavson or via vsg.datenschutz@vamed.com.

B) Information on the collection & processing of your data

1. Scope of data processing

We only use personal data if it is necessary for the functioning of our website and the provision of our content and services. Whenever we process your personal data, we do so in compliance with the provisions of the GDPR, in particular in compliance with the lawfulness requirements for data processing pursuant to Art. 6 GDPR.

2. Legal basis

We process your personal data on the basis of your consent if this is necessary for the fulfillment of the contract or if we have a legitimate interest in data processing (Art. 6 para. 1 lit. a & f GDPR). If we base our data processing on your consent (Art. 6 para. 1 lit. a), you have the right to revoke any consent you may have given to the use of your personal data at any time. To do so, please use the contact address under A).

3. Storage & deletion of data

Personal data, if collected, will only be retained by us for as long as necessary to fulfill our contractual or legal obligations. If you have contacted us, we may retain your data for up to one year to evaluate the effectiveness of our sales and marketing. We delete the data collected as soon as this purpose of collection has been fulfilled, unless there is a need to retain it until the end of the statutory limitation period for evidentiary purposes or due to legal retention obligations.

C) Processing purposes

When we collect your personal data, we do so for one of the following reasons:

  • Operation of the website 
  • Newsletter subscription management 
  • Tracking (analysis of visitor traffic)
  • Social media presence (e.g. Facebook fan page)

If personal data is collected on our website for the purposes of providing a functional website, newsletter subscription management, tracking or social media presence, it may be processed for the following purposes:

  • To improve the website (e.g. heatmaps, A/B tests)
  • To personalize the website experience (display results from tracking data, third-party content)
  • To analyze user behavior on the website
  • To enable communication with you (e.g. to inform you of news by newsletter)

1. Scope of data processing when accessing our website

Each time you visit our website, we process the following data:

Data that is always processed:

  • type of browser
  • device category & operating system
  • IP address of the page from which the file was requested (so-called "referrer URL")
  • your internet service provider (ISP)
  • approximate geographical location
  • the name of the file 
  • websites or sources from which you came to us
  • the date and time of the request (so-called "time stamp") 
  • the amount of data transferred and the access status (file transferred, file not found, etc.) 
  • a description of the type of web browser used (e.g. Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Microsoft Edge, Apple Safari, Opera, etc.)

Data collected on the basis of the user's consent:

  • websites that you visit from our website
  • clicks
  • mouse movements
  • scroll depth
  • events on the website (e.g. video views, inquiries, purchases, etc.)
  • number of users 
  • session statistics 
  • approximate location determination 
  • browser and device information

2. Cookies

We use cookies on our website to make our offer user-friendly. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. The cookies remain stored until you delete them. This enables us to recognize your browser on your next visit.

If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you allow them in individual cases. However, we would like to point out that deactivating cookies will mean that you will not be able to use all the functions of our website.

The legal basis for the data processed by cookies is Art. 6 para. 1 lit. f GDPR.

The cookies remain valid for a maximum of two years and are then deleted by your browser.

D) Contact

  • If you fill out a contact form or send us an e-mail or other electronic message, your details will only be stored for the purpose of processing the inquiry, possible further questions in connection with it, and will only be used within the scope of the inquiry. 
  • The legal basis for processing your request is Art. 6 para. 1 lit. a or b GDPR.
  • We will delete your personal data after your request has been dealt with.

1. Newsletter

  • When you register for our newsletter, we will immediately send an e-mail containing a hyperlink to the e-mail address you have provided. By clicking on this link, you confirm your newsletter registration (double opt-in procedure). If this registration confirmation is not received within 7 days, we will delete the e-mail address from our temporary list and no registration will take place.
  • By confirming your newsletter registration, you consent to the storage of your e-mail address including the date of registration, IP address and the respective list name of the desired newsletter. We only use your e-mail address and the personal data collected at the same time (salutation, title, first name, last name, gender, e-mail address, telephone number, home address) for the administration and sending of the newsletter you have requested at the periodicity specified during registration.
  • Our newsletters do not contain any obvious or hidden counters, third-party advertising or links to external sites that are not directly related to the content of our newsletter.
  • The legal basis for sending you a newsletter is Art. 6 para. 1 lit. a GDPR.
  • Each newsletter contains a note on how you can unsubscribe from the newsletter.

2. Social Plugins

All integrated social plugins work using the 2-click method; this means that the recording of your surfing behavior by a plugin only starts when you activate the corresponding plugin by clicking on it. If you are logged into your social media platform account at the same time as visiting our website, for example, the page visit can be assigned to your user account after activating the plugin (first click).

E) Data security

We use the widespread SSH encryption method in conjunction with the highest encryption level supported by your browser when you visit our website. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the address bar of your browser.

We also use other suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

F) Recipients of data and data transfer to third countries

1. Recipients of data

We do not sell, trade or transfer personal data to uninvolved third parties. Exceptions are trusted partners or service providers who assist us with the website, business operations or service delivery. Although these trusted third parties may have access to personal data, they are bound by contract to keep this information confidential.

We may also disclose your information as we believe necessary to comply with the law, enforce our site policies, or protect our or others' rights, property, or safety. In addition, information about visitors that is not directly identifiable may be shared with third parties for marketing, advertising or other purposes.

We only pass on the data collected by us to third parties if it is necessary for the fulfillment of a contract, to ensure the technical function of the website or if there is another legal reason for passing on the data.

In some situations, we use service providers to process personal data. These may include data centers that host the website and databases, IT providers that maintain the systems, and consulting firms. When data is passed on to these service providers, they only use the information to fulfill their specific tasks. They have been carefully selected and commissioned by us. They contractually follow our instructions and have taken appropriate measures to protect the rights of data subjects. A list of service providers:

Company Address Function Website
TAC Informationstechnologie GmbH Schildbach 211, 8230 Hartberg, Austria Shop system (TAC) tac.eu.com
Hotelchamp B.V. Burgerweeshuispad 101, 1076 ER Amsterdam, Netherlands Sales solutions/Hotel management (hotelchamp) hotelchamp.com
TrustYou GmbH Schmellerstraße 9, 80337 München, Germany Widget (Ratings) trustyou.com
AccessiWay GmbH Praterstraße 1/34, 1020 Wien, Austria Widget (Accessibility) accessiway.at
Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland Analysis tool/Marketing tool (Analysis & Advertising) policies.google.com
Meta Platforms Ireland Limited Merrion Road, Dublin 4, D04 X2K5, Ireland Analysis tool/Marketing tool (Analysis & Advertising) facebook.com
Microsoft Ireland Operations Limited One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland Analysis tool/Marketing tool (Analysis & Advertising) privacy.microsoft.com
Spotify AB Regeringsgatan 19, 111 53 Stockholm, Sweden Analysis tool/Marketing tool (Analysis & Advertising) spotify.com
Pinterest Europe Ltd. Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland Analysis tool/Marketing tool (Analysis & Advertising) policy.pinterest.com
TikTok Technology Limited 10 Earlsfort Terrace, Dublin D02 T380, Ireland Analysis tool/Marketing tool (Analysis & Advertising) tiktok.com
Hotjar Ltd Dragonara Business Centre 5. Stock, Dragonara Road, Paceville St Julian's STJ 3141, Malta Analysis tool/Marketing tool (User behaviour) hotjar.com
myNET gmbh Bruggfeldstraße 5, 6500 Landeck, Austria Website hoster mynet.at
Onlyfy Bewerbungsmanager Am Strandkai 1, 20457 Hamburg, Germany
SC-Networks GmbH Würmstraße 4, 82319 Starnberg, Germany
Company TAC Informationstechnologie GmbH
Address Schildbach 211, 8230 Hartberg, Austria
Function Shop system (TAC)
Website tac.eu.com
Company Hotelchamp B.V.
Address Burgerweeshuispad 101, 1076 ER Amsterdam, Netherlands
Function Sales solutions/Hotel management (hotelchamp)
Website hotelchamp.com
Company TrustYou GmbH
Address Schmellerstraße 9, 80337 München, Germany
Function Widget (Ratings)
Website trustyou.com
Company AccessiWay GmbH
Address Praterstraße 1/34, 1020 Wien, Austria
Function Widget (Accessibility)
Website accessiway.at
Company Google Ireland Limited
Address Gordon House, Barrow Street, Dublin 4, Ireland
Function Analysis tool/Marketing tool (Analysis & Advertising)
Website policies.google.com
Company Meta Platforms Ireland Limited
Address Merrion Road, Dublin 4, D04 X2K5, Ireland
Function Analysis tool/Marketing tool (Analysis & Advertising)
Website facebook.com
Company Microsoft Ireland Operations Limited
Address One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Function Analysis tool/Marketing tool (Analysis & Advertising)
Website privacy.microsoft.com
Company Spotify AB
Address Regeringsgatan 19, 111 53 Stockholm, Sweden
Function Analysis tool/Marketing tool (Analysis & Advertising)
Website spotify.com
Company Pinterest Europe Ltd.
Address Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland
Function Analysis tool/Marketing tool (Analysis & Advertising)
Website policy.pinterest.com
Company TikTok Technology Limited
Address 10 Earlsfort Terrace, Dublin D02 T380, Ireland
Function Analysis tool/Marketing tool (Analysis & Advertising)
Website tiktok.com
Company Hotjar Ltd
Address Dragonara Business Centre 5. Stock, Dragonara Road, Paceville St Julian's STJ 3141, Malta
Function Analysis tool/Marketing tool (User behaviour)
Website hotjar.com
Company myNET gmbh
Address Bruggfeldstraße 5, 6500 Landeck, Austria
Function Website hoster
Website mynet.at
Company Onlyfy Bewerbungsmanager
Address Am Strandkai 1, 20457 Hamburg, Germany
Function
Website
Company SC-Networks GmbH
Address Würmstraße 4, 82319 Starnberg, Germany
Function
Website

In addition, data may be disclosed in the context of official requests, judicial orders and legal proceedings if this is necessary to protect or enforce rights. If government agencies make a legitimate claim to us for customer data, we strive to minimize the scope of disclosure. Only the specific data specified by the relevant legal request will be released by us.

2. Data transfer to third countries

We use services from providers, some of which are based in countries outside the European Union or the European Economic Area or process data there. This means that data may be transferred to countries that do not have the same data protection standards as the European Union. For some of these countries, the European Commission has adopted an adequacy decision, see Data Privacy Framework in the USA. If such a decision does not exist, we use mechanisms such as the EU standard contractual clauses or binding corporate rules to ensure that adequate data protection is maintained when data is transferred. If data is transferred to such a third country and there is neither an adequate decision nor appropriate security measures in place, there is a risk that local authorities (such as intelligence agencies) may access and use this data. This could make it difficult to enforce your data protection rights.

G) Your rights

You have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, data portability, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling. 

You also have the right to withdraw your consent to the use of your personal data at any time. 

You can assert your aforementioned rights at any time by contacting us at the address provided (see above for contact details).

If you are of the opinion that the processing of your personal data by us is contrary to the applicable data protection regulations, you have the option of complaining to the Austrian Data Protection Authority. 

Book now
Select now
From day spa to short breaks to full holidays, how do you want to enjoy our 4*S resort? The choice is yours!
Watchlist 0