Privacy Policy
Our processing of our users' personal data is limited to the data required to provide a functional website and our content and services. The processing of our users' personal data only takes place for the purposes listed below and if there is a legal basis (within the meaning of the GDPR). We only collect personal data that is actually required for the performance and processing of our tasks and services or that you have voluntarily provided to us.
We process your data on the basis of the legal provisions in Austria and the EU (GDPR & TKG "Telecommunications Act"). This data protection information provides an overview of the most important aspects of data processing on our website.
A) Data of the responsible party
Responsible within the meaning of the GDPR is: TAUERN SPA WORLD Betriebs-GmbH & Co KG
TAUERN SPA World Betriebs GmbH & Co KG
Tauern Spa Platz 1
5710 Kaprun
Austria
Telephone: +43 6547 2040-0
E-mail: office@tauernspakaprun.com
VAT ID number: ATU64234769
Hereinafter referred to as "we". For further questions on the subject of data protection, please contact datenschutz@tauernspakaprun.com.
The company data protection officer of TAUERN SPA World Betriebs GmbH & Co KG can be contacted at the above address for the attention of Mag. Per-Oliver Gustavson or via vsg.datenschutz@vamed.com.
B) Information on the collection & processing of your data
1. Scope of data processing
We only use personal data if it is necessary for the functioning of our website and the provision of our content and services. Whenever we process your personal data, we do so in compliance with the provisions of the GDPR, in particular in compliance with the lawfulness requirements for data processing pursuant to Art. 6 GDPR.
2. Legal basis
We process your personal data on the basis of your consent if this is necessary for the fulfillment of the contract or if we have a legitimate interest in data processing (Art. 6 para. 1 lit. a & f GDPR). If we base our data processing on your consent (Art. 6 para. 1 lit. a), you have the right to revoke any consent you may have given to the use of your personal data at any time. To do so, please use the contact address under A).
3. Storage & deletion of data
Personal data, if collected, will only be retained by us for as long as necessary to fulfill our contractual or legal obligations. If you have contacted us, we may retain your data for up to one year to evaluate the effectiveness of our sales and marketing. We delete the data collected as soon as this purpose of collection has been fulfilled, unless there is a need to retain it until the end of the statutory limitation period for evidentiary purposes or due to legal retention obligations.
C) Processing purposes
When we collect your personal data, we do so for one of the following reasons:
- Operation of the website
- Newsletter subscription management
- Tracking (analysis of visitor traffic)
- Social media presence (e.g. Facebook fan page)
If personal data is collected on our website for the purposes of providing a functional website, newsletter subscription management, tracking or social media presence, it may be processed for the following purposes:
- To improve the website (e.g. heatmaps, A/B tests)
- To personalize the website experience (display results from tracking data, third-party content)
- To analyze user behavior on the website
- To enable communication with you (e.g. to inform you of news by newsletter)
1. Scope of data processing when accessing our website
Each time you visit our website, we process the following data:
Data that is always processed:
- type of browser
- device category & operating system
- IP address of the page from which the file was requested (so-called "referrer URL")
- your internet service provider (ISP)
- approximate geographical location
- the name of the file
- websites or sources from which you came to us
- the date and time of the request (so-called "time stamp")
- the amount of data transferred and the access status (file transferred, file not found, etc.)
- a description of the type of web browser used (e.g. Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Microsoft Edge, Apple Safari, Opera, etc.)
Data collected on the basis of the user's consent:
- websites that you visit from our website
- clicks
- mouse movements
- scroll depth
- events on the website (e.g. video views, inquiries, purchases, etc.)
- number of users
- session statistics
- approximate location determination
- browser and device information
2. Cookies
We use cookies on our website to make our offer user-friendly. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. The cookies remain stored until you delete them. This enables us to recognize your browser on your next visit.
If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you allow them in individual cases. However, we would like to point out that deactivating cookies will mean that you will not be able to use all the functions of our website.
The legal basis for the data processed by cookies is Art. 6 para. 1 lit. f GDPR.
The cookies remain valid for a maximum of two years and are then deleted by your browser.
D) Contact
- If you fill out a contact form or send us an e-mail or other electronic message, your details will only be stored for the purpose of processing the inquiry, possible further questions in connection with it, and will only be used within the scope of the inquiry.
- The legal basis for processing your request is Art. 6 para. 1 lit. a or b GDPR.
- We will delete your personal data after your request has been dealt with.
1. Newsletter
- When you register for our newsletter, we will immediately send an e-mail containing a hyperlink to the e-mail address you have provided. By clicking on this link, you confirm your newsletter registration (double opt-in procedure). If this registration confirmation is not received within 7 days, we will delete the e-mail address from our temporary list and no registration will take place.
- By confirming your newsletter registration, you consent to the storage of your e-mail address including the date of registration, IP address and the respective list name of the desired newsletter. We only use your e-mail address and the personal data collected at the same time (salutation, title, first name, last name, gender, e-mail address, telephone number, home address) for the administration and sending of the newsletter you have requested at the periodicity specified during registration.
- Our newsletters do not contain any obvious or hidden counters, third-party advertising or links to external sites that are not directly related to the content of our newsletter.
- The legal basis for sending you a newsletter is Art. 6 para. 1 lit. a GDPR.
- Each newsletter contains a note on how you can unsubscribe from the newsletter.
2. Social Plugins
All integrated social plugins work using the 2-click method; this means that the recording of your surfing behavior by a plugin only starts when you activate the corresponding plugin by clicking on it. If you are logged into your social media platform account at the same time as visiting our website, for example, the page visit can be assigned to your user account after activating the plugin (first click).
E) Data security
We use the widespread SSH encryption method in conjunction with the highest encryption level supported by your browser when you visit our website. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the address bar of your browser.
We also use other suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
F) Recipients of data and data transfer to third countries
1. Recipients of data
We do not sell, trade or transfer personal data to uninvolved third parties. Exceptions are trusted partners or service providers who assist us with the website, business operations or service delivery. Although these trusted third parties may have access to personal data, they are bound by contract to keep this information confidential.
We may also disclose your information as we believe necessary to comply with the law, enforce our site policies, or protect our or others' rights, property, or safety. In addition, information about visitors that is not directly identifiable may be shared with third parties for marketing, advertising or other purposes.
We only pass on the data collected by us to third parties if it is necessary for the fulfillment of a contract, to ensure the technical function of the website or if there is another legal reason for passing on the data.
In some situations, we use service providers to process personal data. These may include data centers that host the website and databases, IT providers that maintain the systems, and consulting firms. When data is passed on to these service providers, they only use the information to fulfill their specific tasks. They have been carefully selected and commissioned by us. They contractually follow our instructions and have taken appropriate measures to protect the rights of data subjects. A list of service providers:
Company | Address | Function | Website |
---|---|---|---|
TAC Informationstechnologie GmbH | Schildbach 211, 8230 Hartberg, Austria | Shop system (TAC) | tac.eu.com |
Hotelchamp B.V. | Burgerweeshuispad 101, 1076 ER Amsterdam, Netherlands | Sales solutions/Hotel management (hotelchamp) | hotelchamp.com |
TrustYou GmbH | Schmellerstraße 9, 80337 München, Germany | Widget (Ratings) | trustyou.com |
AccessiWay GmbH | Praterstraße 1/34, 1020 Wien, Austria | Widget (Accessibility) | accessiway.at |
Google Ireland Limited | Gordon House, Barrow Street, Dublin 4, Ireland | Analysis tool/Marketing tool (Analysis & Advertising) | policies.google.com |
Meta Platforms Ireland Limited | Merrion Road, Dublin 4, D04 X2K5, Ireland | Analysis tool/Marketing tool (Analysis & Advertising) | facebook.com |
Microsoft Ireland Operations Limited | One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland | Analysis tool/Marketing tool (Analysis & Advertising) | privacy.microsoft.com |
Spotify AB | Regeringsgatan 19, 111 53 Stockholm, Sweden | Analysis tool/Marketing tool (Analysis & Advertising) | spotify.com |
Pinterest Europe Ltd. | Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland | Analysis tool/Marketing tool (Analysis & Advertising) | policy.pinterest.com |
TikTok Technology Limited | 10 Earlsfort Terrace, Dublin D02 T380, Ireland | Analysis tool/Marketing tool (Analysis & Advertising) | tiktok.com |
Hotjar Ltd | Dragonara Business Centre 5. Stock, Dragonara Road, Paceville St Julian's STJ 3141, Malta | Analysis tool/Marketing tool (User behaviour) | hotjar.com |
myNET gmbh | Bruggfeldstraße 5, 6500 Landeck, Austria | Website hoster | mynet.at |
Onlyfy Bewerbungsmanager | Am Strandkai 1, 20457 Hamburg, Germany | ||
SC-Networks GmbH | Würmstraße 4, 82319 Starnberg, Germany |
Company | TAC Informationstechnologie GmbH |
Address | Schildbach 211, 8230 Hartberg, Austria |
Function | Shop system (TAC) |
Website | tac.eu.com |
Company | Hotelchamp B.V. |
Address | Burgerweeshuispad 101, 1076 ER Amsterdam, Netherlands |
Function | Sales solutions/Hotel management (hotelchamp) |
Website | hotelchamp.com |
Company | TrustYou GmbH |
Address | Schmellerstraße 9, 80337 München, Germany |
Function | Widget (Ratings) |
Website | trustyou.com |
Company | AccessiWay GmbH |
Address | Praterstraße 1/34, 1020 Wien, Austria |
Function | Widget (Accessibility) |
Website | accessiway.at |
Company | Google Ireland Limited |
Address | Gordon House, Barrow Street, Dublin 4, Ireland |
Function | Analysis tool/Marketing tool (Analysis & Advertising) |
Website | policies.google.com |
Company | Meta Platforms Ireland Limited |
Address | Merrion Road, Dublin 4, D04 X2K5, Ireland |
Function | Analysis tool/Marketing tool (Analysis & Advertising) |
Website | facebook.com |
Company | Microsoft Ireland Operations Limited |
Address | One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland |
Function | Analysis tool/Marketing tool (Analysis & Advertising) |
Website | privacy.microsoft.com |
Company | Spotify AB |
Address | Regeringsgatan 19, 111 53 Stockholm, Sweden |
Function | Analysis tool/Marketing tool (Analysis & Advertising) |
Website | spotify.com |
Company | Pinterest Europe Ltd. |
Address | Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland |
Function | Analysis tool/Marketing tool (Analysis & Advertising) |
Website | policy.pinterest.com |
Company | TikTok Technology Limited |
Address | 10 Earlsfort Terrace, Dublin D02 T380, Ireland |
Function | Analysis tool/Marketing tool (Analysis & Advertising) |
Website | tiktok.com |
Company | Hotjar Ltd |
Address | Dragonara Business Centre 5. Stock, Dragonara Road, Paceville St Julian's STJ 3141, Malta |
Function | Analysis tool/Marketing tool (User behaviour) |
Website | hotjar.com |
Company | myNET gmbh |
Address | Bruggfeldstraße 5, 6500 Landeck, Austria |
Function | Website hoster |
Website | mynet.at |
Company | Onlyfy Bewerbungsmanager |
Address | Am Strandkai 1, 20457 Hamburg, Germany |
Function | |
Website | |
Company | SC-Networks GmbH |
Address | Würmstraße 4, 82319 Starnberg, Germany |
Function | |
Website |
In addition, data may be disclosed in the context of official requests, judicial orders and legal proceedings if this is necessary to protect or enforce rights. If government agencies make a legitimate claim to us for customer data, we strive to minimize the scope of disclosure. Only the specific data specified by the relevant legal request will be released by us.
2. Data transfer to third countries
We use services from providers, some of which are based in countries outside the European Union or the European Economic Area or process data there. This means that data may be transferred to countries that do not have the same data protection standards as the European Union. For some of these countries, the European Commission has adopted an adequacy decision, see Data Privacy Framework in the USA. If such a decision does not exist, we use mechanisms such as the EU standard contractual clauses or binding corporate rules to ensure that adequate data protection is maintained when data is transferred. If data is transferred to such a third country and there is neither an adequate decision nor appropriate security measures in place, there is a risk that local authorities (such as intelligence agencies) may access and use this data. This could make it difficult to enforce your data protection rights.
G) Your rights
You have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, data portability, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling.
You also have the right to withdraw your consent to the use of your personal data at any time.
You can assert your aforementioned rights at any time by contacting us at the address provided (see above for contact details).
If you are of the opinion that the processing of your personal data by us is contrary to the applicable data protection regulations, you have the option of complaining to the Austrian Data Protection Authority.