Privacy policy
Data protection is of a particularly high priority for the Stiftsgasthof. The use of the Internet pages of the Stiftsgasthof is possible without any indication of personal data. However, if a data subject wants to use special services provided by our guesthouse via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the country-specific data protection regulations applicable to the Stiftsgasthof. By means of this data protection declaration, our guesthouse would like to inform you about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.
As the controller, the Stiftsgasthof has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions can always be vulnerable to security risks, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
Stiftsgasthof Hochburg
Hochburg 2
5122 Hochburg-Ach
Owner: Franz Pemwieser jun.
Tenant: Adolf Weinzierl
Telefon: 0043 (0) 7727 35001
E-Mail: office(at)stiftsgasthof.at
Responsible for data protection in the sense of the DSGVO:
Michael Schellscheidt
datenschutz(at)stiftsgasthof.at
1. collection of general data and information
The internet provider of the Stiftsgasthof collects a series of general data and information with each call of the website. This general data and information is stored in the log files of the web server. The following may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, the Stiftsgasthof does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in case of a cyber attack. Therefore, the Stiftsgasthof analyzes anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection and data security of our enterprise so that we can ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data submitted by a data subject.
2. contact possibility via the website + personal data
Based on statutory provisions, the website of the Stiftsgasthof contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts our practice by e-mail or by means of a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted to us on a voluntary basis by a data subject will be stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.
General contact requests and appointment requests are stored on the web server and deleted at regular intervals. Appointment requests are also stored in our practice software.
The transmitted personal data will only be further processed if you visit us as a guest and have given the appropriate consent for the further processing of the data. This is usually necessary to ensure the billing of our services, which can also be done via an external service provider. In addition, storage is only required for internal pension operations (electronic file card).
3. routine deletion and blocking of personal data
The personal data transmitted to us will only be stored for the period of time necessary to achieve the purpose of storage or if this is required by the European Directive and Regulation or other legislator in laws or regulations, was provided.
f the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
4. rights of the data subject (When you provide us with data)
-
- a) Right to confirmation
Every data subject has the right, granted by the European Directive and Regulation, to obtain confirmation from us as to whether we are storing personal data relating to him or her (see 5). If a data subject wishes to exercise this right, he or she may, at any time, contact any employee of the Stiftsgasthof. - b) Right to information
Each data subject shall have the right, granted by the European Directive and the Regulation, to obtain at any time, free of charge, information from the Stiftsgasthof about personal data concerning him or her that has been stored and a copy of this information.
In general, no information is passed on to third countries. All data, including the data on this website, is stored in Germany. There is no categorization and a transfer is only in the context of invoice processing, unless paid in cash. Profiles or evaluations of the data, as well as a trade with the data generally does not take place. - c) Right to rectification
Any data subject shall have the right to obtain the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing.
If a data subject wishes to exercise this right, he or she may, at any time, contact any employee of the Stiftsgasthof. - d) Right to erasure (right to be forgotten)
Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following reasons applies and insofar as the processing is not necessary:
- The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject revokes the consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been processed unlawfully.
- The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) DS-GVO.
- If one of the aforementioned reasons applies, and a data subject wishes to arrange the deletion of personal data stored by the Stiftsgasthof, he or she may, at any time, contact any employee of the Stiftsgasthof. The employee will arrange for the deletion request to be complied with immediately.
If the personal data has been made public by the Stiftsgasthof and our enterprise as the responsible party is obliged to delete the personal data pursuant to Art. 17 Para. 1 DS-GVO to erase the personal data, the Stiftsgasthof shall implement reasonable measures, including technical measures, taking into account the available technology and the costs of implementation, in order to inform other data controllers which process the published personal data that the data subject has requested from those other data controllers to erase all links to or copies or replications of the personal data, unless the processing is necessary. The employee of the Stiftsgasthof will arrange the necessary in individual cases. - e) Right to restriction of processing
Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the restriction of processing if one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
- The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
- The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
- If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by the Stiftsgasthof, he or she may, at any time, contact any employee of the controller. The employee will arrange the restriction of the processing.
- f) Right of data portability
Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
In order to assert the right to data portability, the data subject may contact an employee at any time. - g) Right of objection
Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.
The Stiftsgasthof shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.
If the Stiftsgasthof processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data processed for such marketing. If the data subject objects to the Stiftsgasthof to the processing for direct marketing purposes, the Stiftsgasthof will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the Data Protection Regulation (DS-GVO), unless the processing is necessary for the performance of a task carried out in the public interest.
In order to exercise the right to object, the data subject may directly contact any employee. The data subject is also free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise his/her right to object by means of automated procedures using technical specifications. - h) Right to revoke consent under data protection law
Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the controller. This can be done by e-mail, in writing, by telephone or by fax.
- a) Right to confirmation
5. legal basis of the processing
Article 6 I lit. a DS-GVO serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 DS-GVO).
6. legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
7. SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.
8. Verwendung von Skriptbibliotheken (z.B. Google Webfonts) + Google Maps
In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Webfonts (https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to your browser's cache to avoid multiple loads. If the browser does not support Google Web Fonts or prevents access, content is displayed in a standard font.
Die Google Webfonts sind direkt auf unserem Server gespeichert und lösen keinen Zugriff auf Google aus, sodass auch keinerlei Daten an Google weitergeleitet werden.
This website uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about visitors' use of the map functions. More information about the data processing by Google can be found in the the Google Privacy Policy entnehmen. In unseren Cookie Einstellungen können Sie den Zugriff – wenn gewünscht – sperren.
9. Cookies
Like many other websites, we also use so-called "cookies". Cookies are small text files that are transferred from a website server to your hard drive. Through this, we may automatically receive certain data such as IP address, browser used, operating system about your computer and your connection to the Internet.
Cookies cannot be used to launch programs or transfer viruses to a computer. Based on the information contained in cookies, we can facilitate your navigation and enable the correct display of our web pages.
Es erfolgt von unserem Betrieb keine aktive Speicherung der aus Cookies generierten Daten. Es ist bislang noch nicht geklärt welche Daten die Anbieter von Zusatzfunktionen für diese Webseite speichern und zu welchem Zweck. Im Zweifelsfall empfehlen wir die Deaktivierung der Cookies über Ihren Internet-Browser.
Of course, you can also view our website without cookies in principle. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your Internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have disabled the use of cookies.
10. contact form
Treten Sie per E-Mail oder Kontaktformular mit uns in Verbindung, werden die von Ihnen gemachten Angaben zum Zwecke der Bearbeitung der Anfrage sowie für mögliche Anschlussfragen gespeichert. Die dabei übermittelten Daten werden gemäß der Richtlinie für die Verarbeitung personenbezogener Daten behandelt und in regelmäßigen Abständen gelöscht.
11. Links
If we have currently installed links to other websites, as customer service, we refer you to the respective privacy statements of the provider of the linked website. Our practice provides the links completely free of any evaluation or identification with the services and information presented there. Likewise, we have no influence whatsoever on the handling of data protection on the linked website. The practice does not collect any data when a link is activated and does not store any information about it.
