Up to 15% discount on direct booking!

Data Protection

PRIVACY POLICY

This website is operated by TRANS WORLD HOTELS Austria GmbH (FN 89480p), hereinafter referred to as "we", "us" and "TWH", based in 4020 Linz, Am Winterhafen 13. In this privacy policy, we, as the controller pursuant to Art. 4 (7) GDPR, describe which data we collect when you visit our website and for what purpose we process it. We also inform you about how we generally process the data of our customers, suppliers and interested parties and finally explain what rights and safeguards we offer in the course of data processing. All relevant contact details can be found in section 10 of this privacy policy.

As the protection of your personal data is of particular concern to us, we strictly adhere to the legal requirements of the FADP and GDPR when collecting and processing your personal data.

In the following, we will inform you in detail about the scope and purpose of our data processing and your rights as a data subject. Therefore, please read our privacy policy carefully before you continue to use our website and, if necessary, give your consent to data processing.

1. personal data

It is generally possible to use our website without providing personal data. However, there may be different regulations for the use of individual services, which we will point out to you separately.
Apart from the cookies described in detail below, we therefore only collect and store the data that you yourself provide to us by entering it in our input masks or actively interacting with our website in any other way.

Personal data is all information that relates to an identified or identifiable natural person. This includes, for example, your name, your address, your telephone number or your date of birth, but also your IP address or geolocation data that can be used to identify you.

2. use of cookies

a. If you only use our website for information purposes, i.e. if you do not register for a service or otherwise provide us with information - for example via a contact form - we only collect the (personal) data that your browser transmits to our server. If you wish to visit our website, we collect the data listed below, which is technically necessary for us to display the website to you and to ensure its stability and security in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request
  • Access status / http status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Browser used
  • Operating system and its interface
  • Language and version of the browser software

However, this data is not processed beyond the purpose of displaying our website.

b. In addition to the aforementioned data, first and third-party cookies are stored on your computer when you use our website; these are small text files that are stored on your hard disk in the browser you are using. The place that sets a cookie (this is done either by us or an explicitly named third party) receives certain information as a result.

We need these cookies on the one hand to recognize you as a user of the website and on the other hand to be able to track the use of our services. Finally, we may use cookies for marketing purposes in order to analyze your usage behavior and to send you targeted advertising if necessary.

c. A basic distinction can be made between first party cookies, third party cookies and third party requests.

  • First party cookies

First party cookies are stored in your browser by us or our website itself in order to offer you the best possible user experience. In particular, these are functional cookies, such as shopping cart cookies. We may also use cookies to identify you for subsequent visits if you have an account with us - otherwise you will have to log in each time you visit.

  • Third party cookies

Third party cookies are stored in your browser by a third party provider. These are usually tracking or marketing tools that, on the one hand, evaluate your user behaviour and, on the other hand, offer the third-party provider the opportunity to recognize you on other websites you visit. Retarget marketing, for example, is generally based on the function of such cookies.

  • Third party requests

Third party requests are all requests that you as a website user make to third parties via our website - for example, if you interact with social network plugins or use the services of a payment provider. In this case, no cookies are stored in your browser, but it cannot be ruled out that personal data will be sent to this third-party provider as a result of the interaction. For this reason, we also inform you in detail in our privacy policy about the tools and applications we use.

d. In order to provide you with comprehensive information about the cookies we use, we have designed a cookie banner in accordance with the ECJ case law of 01.10.2019, C-673/17 (Planet 49) and other relevant decisions, which is displayed when you first visit our website. This cookie banner shows all cookies used, including their function, storage duration and origin. Only if you consent to the use of some or all cookies will they be stored by us; an exception to this may be technically essential cookies, without the use of which our website could not be displayed correctly.

e. You can change your browser settings at any time so that, for example, you refuse to accept third-party cookies or all cookies. In this case, however, we must point out that you may no longer be able to use all the functions of our website.

3. collection and processing of personal data

a. Website

Personal data that goes beyond the information stored by cookies is only processed by us as part of the operation of our website if you voluntarily provide it to us, for example when you register with us, book a hotel room with us, otherwise enter into a contractual relationship with us or otherwise contact us. This only involves contact details and information about the matters with which you contact us.

We only use the personal data you provide to the extent that this is necessary to fulfill the respective purpose of the processing (e.g. registration, sending the newsletter, processing an order, sending information material and advertising, processing a competition, answering a question, providing access to certain information) and this is required by law (in particular pursuant to Art. 6 or Art. 6 para. 1 lit. a GDPR). pursuant to Art. 6 or Art. 9 GDPR) (e.g. the sending of advertising and information material to existing customers pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR).

The purpose of processing your data is the operation of our website and the targeted provision of company-specific information, including the presentation of our range of goods and services (marketing).

Any further use of your data will only take place if you have given your express prior consent, if we need your data to fulfill a contract concluded with you or if we are required by law to retain it. You can revoke any consent you have given at any time for the future, as explained in detail below.

b. Contract processing, marketing and more

In general, we use personal data of our customers, suppliers and other contractual and cooperation partners, e.g. contact persons, their contact details and marketing-relevant information, for the purpose of contract processing and within the scope of statutory retention obligations (e.g. accounting), and also for legitimate interests, such as for marketing and customer care purposes.

We also collect personal data from interested parties (e.g. contact persons, their contact details and marketing-relevant information) in the course of our acquisition and sales activities. We are always on the lookout for potential contractual partners on the Internet, at trade fairs and at other events and maintain a marketing database for this purpose in order to enable targeted advertising for our products and services. We carry out all of the measures listed here in our legitimate interest for marketing purposes in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with recital 47 for a period of three years from the end of a contractual relationship (customers & suppliers) or our first (unsuccessful) contact (interested parties), unless the data subject has given their express consent beyond this.

If we do not collect personal data for marketing purposes from the data subject themselves, we will also inform the data subject where we have collected their data in accordance with Art. 14 GDPR when they first contact us.

c. Application management

We collect data from applicants for job offers open with us for the purpose of initiating a possible employment relationship in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR or, if necessary, on the basis of explicit consent for evidence purposes.

4. storage period

We generally store data that you have provided to us exclusively for customer support or for marketing and information purposes for a period of three years after our last contact. However, if you so wish, we will also delete your data before this period expires, provided there is no legal obstacle to this.

In the event that a contract is initiated or concluded, we will process your personal data after the contract has been fully processed until the expiry of the guarantee, warranty, limitation and statutory retention periods applicable to us, and beyond that until the end of any legal disputes in which the data is required as evidence.

Data that you may send us as part of an application process will only be stored for a period of 6 months without separate consent.

If storage is required by law, we will comply with the period specified therein. If we process your personal data for purposes other than those described in this privacy policy - for example, for legitimate interest - we will inform you separately before processing begins.

5. data transmission

a. General

Your data will not be transferred to third parties unless we are legally obliged to do so, the transfer of data is necessary for the execution of a contractual relationship concluded between us or you have previously expressly consented to the transfer of your data.

External processors or other cooperation partners will only receive your data if this is necessary for the execution of the contract, if we have a legitimate interest in doing so, which we will always disclose separately in the event of an incident, or if this is necessary due to special standards, with your consent.

Your personal data will not be sold or otherwise marketed by us to third parties. If our contractual partners or processors are based in a third country, i.e. a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

If one of our processors comes into contact with your personal data, we ensure that they comply with the provisions of data protection laws in the same way as we do.

b. Data transfer to the USA?

We occasionally offer some services in the course of which data is or may be transferred to the USA. The transfer of data to the USA has always led to legal challenges in recent years. There are several legal bases for a legally compliant data transfer to the USA, whereby we generally rely on two different legal bases:

  • Data transfer based on the existence of an adequacy decision

On July 10, 2023, the European Commission adopted a new adequacy decision pursuant to Art. 45 GDPR for the USA - namely the EU-U.S. Data Privacy Network.

However, this adequacy decision only applies to those data importers in the USA that are registered on the Data Privacy Framework List (https://www.dataprivacyframework.gov/s/participant-search).

We check for each of our service providers who are to receive personal data in the USA as data importers whether they are registered on the Data Privacy Framework List. If this is the case, this is stated in our privacy policy for the respective service provider.

The EU Commission's press release on the EU-U.S. Data Privacy Network can be found at: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721.

  • Consent

If a data importer is not registered in the Data Privacy Framework List, it is necessary - unless there is another justification such as the fulfillment of contractual obligations - that you consent to the use of your data collected via these services, including in the USA (Art. 49 para. 1 lit. a GDPR).

This is because we are not yet able to assess how jurisdiction will develop as a result of the EU-U.S. Data Privacy Network. We collect this consent - depending on the service - via our cookie banner or separately by means of a corresponding declaration of consent directly before using a service offered.

Your consent is required because, according to recent official and court decisions and the case law of the ECJ, the USA is not certified as having an adequate level of data protection when processing personal data (C-311/18, Schrems II). These official and court rulings are particularly critical of the fact that access by US authorities (FISA 0702) is not comprehensively restricted by law, does not require approval by an independent body and there are no relevant legal remedies available to those affected in the event of such interventions.

Apart from the contracts concluded with US service providers, we have no direct influence on the access of US authorities to personal data that is transferred to service providers in the USA when using these services. Even if we assume that our service providers take the necessary steps to guarantee the promised level of protection in accordance with the contractual agreements concluded with us, access by US authorities to data processed in the USA is nevertheless conceivable.

We therefore request your consent to the processing of data in the USA before using such services. We will point out separately for each service or application that there is a possibility of data being transferred to the USA.

6. Tools and applications used

a. We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service uses cookies, the functionality of which has already been explained in detail above. The information generated by these cookies about your use of this website is usually transmitted to a Google server and stored there.

Google uses this information on our behalf to evaluate your use of our website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of the cookies required by Google Analytics by setting your browser software accordingly, although this may mean that you will not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as its transmission and processing by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

If you would like further information on the type, scope and purpose of the data collected by Google, we recommend that you read their privacy policy. https://support.google.com/analytics/answer/6004245?hl=de
Google also processes your data in the USA. Before you give your consent to the storage of cookies through the use of Google Analytics, please read the relevant information in our privacy policy.

Google LLC is registered in the Data Privacy Framework List.

b. We also use Google Maps services on our website. This allows us to show you interactive maps directly on our website and enables you to conveniently use the map function to find our location and make your journey easier.

When you visit our website, Google receives the information that you have accessed the corresponding subsite of our website and the personal data listed under 2. This takes place regardless of whether you are logged in via a Google account or not. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish this to happen, you must log out of Google before using this service. Google uses your data for the purposes of advertising, market research and needs-based website design. You have the right to object to the use of your data in this regard, which you must address directly to Google.

Further information on the purpose and scope of data collection can be found in Google's privacy policy at http://www.google.de/intl/de/policies/privacy. Google also processes your data in the USA. Before you give your consent to the storage of cookies through the use of Google Maps, please read the relevant information in our privacy policy.

Google LLC is registered in the Data Privacy Framework List.

c. We also provide links to other websites on our website for information purposes only. These websites are not under our control and are therefore not covered by the provisions of this privacy policy. However, if you activate a link, it is possible that the operator of this website will collect data about you and process it in accordance with its privacy policy, which may differ from ours. Please always inform yourself about the current data protection regulations on the websites we link to.

d. Our website also offers the option of interacting with various social networks via plugins. These are:

  • Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company, Meta Platforms Inc, Menlo Park, California, is registered in the Data Privacy Framework List.
  • Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company, Meta Platforms Inc, Menlo Park, California, is registered in the Data Privacy Framework List.

If you click on a plugin of one of these social networks, it will be activated and a connection ft he respective server of this network will be established as described above.

If you activate these plugins, you consent ft he use of your data collected via these plugins in the USA.

ft he no influence on the scope and content ft he data that is transmitted ft he respective operator of this social network by clicking on the plugin or which may subsequently be subject to access by US authorities.

If you wish to find out about the type, scope and purpose ft he data collected by the operators of these social networks, we recommend that you read the data protection provisions ft he respective social network.

7 Joint responsibilities pursuant to Art. 26 GDPR

a. Facebook fan page

We operate a Facebook fan page at https://www.facebook.com/hoteldonauwelle/. The purpose of this fan page is to share information about our company's activities, to implement marketing measures and to provide a further communication channel with us.

In this context, we are "joint controllers" with Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, which provides us with this service. In principle, Facebook allows you to select in your settings which personal data is shared with us. If you do not want this, we will receive all information regarding the use of our fan page and personal data about visitors in anonymized form.

For this purpose, we have concluded a so-called Art. 26 GDPR agreement with Facebook, in which the mutual rights and obligations of us and Facebook are regulated. This can be found at https://www.facebook.com/-legal/EU_data_transfer-_addendum/update. In this context, we also ask you to read Facebook's privacy policy, which you can find at https://www.facebook.com/policy.php.

In the Art. 26 GDPR agreement concluded by us, Facebook undertakes to be the first point of contact for data subjects regarding the processing of In-sights data and to fulfill the associated obligations and tasks.

You can therefore assert your data subject rights both against us in accordance with point 10. of this privacy policy and against Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

b. Instagram profile

We operate an Instagram profile at https://www.instagram.com/twh_donauwelle/. With this profile, we want to implement marketing measures, draw attention to our products and services and create an additional communication channel with our customers.

In this context, we are also "joint controllers" with Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, which provides us with this service. In principle, Instagram allows you to select in your settings which personal data is shared with us. If you do not want this, we will receive all information regarding the use of our fan page and personal data about visitors in anonymized form.

For this purpose, we have concluded a so-called Art. 26 GDPR agreement with Instagram, in which the mutual rights and obligations of us and Instagram are regulated. This can be found at https://www.facebook.com/-legal/EU_data_transfer-_addendum/update. In this context, we also ask you to read Instagram's privacy policy, which you can find at https://help.instagram.com/519522125107875.

In the Art. 26 GDPR agreement concluded by us, Instagram undertakes to be the first point of contact for data subjects regarding the processing of In-sights data and to fulfill the associated obligations and tasks.

You can therefore assert your data subject rights both against us in accordance with point 10 of this privacy policy and against Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

8. security

We use numerous technical and organizational security measures to protect your data against manipulation, loss, destruction and access by third parties. Our security measures are constantly being improved in line with technological developments on the Internet. Should you require more detailed information on the type and scope of the technical and organizational measures we have taken, please do not hesitate to contact us in writing at any time.

9. your rights

In accordance with the General Data Protection Regulation and the Data Protection Act, you are entitled to the following rights and legal remedies as a data subject of our data processing:

  • Right of access (Art. 15 GDPR)
    As a data subject of the data processing described above and other data processing, you have the right to request information about whether and, if so, which personal data about you is being processed. For your own protection - so that no unauthorized person receives information about your data - we will verify your identity in a suitable form before providing information.
  • Right to rectification (Art. 16) and erasure (Art. 17 GDPR)
    You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you or - taking into account the purposes of the data processing - the completion of incomplete personal data and the erasure of your data, provided that the criteria of Art. 17 GDPR are met.
  • Right to restriction of processing (Art. 18 GDPR)
    Under the legal requirements, you have the right to restrict the processing of all personal data collected. As of the request for restriction, this data will only be processed with your individual consent or for the assertion and enforcement of legal claims.
  • Right to data portability (Art. 20 GDPR)
    You can request the unhindered and unrestricted transfer of personal data that you have provided to us to you or a third party.
  • Right to object (Art. 21 GDPR)
    You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is necessary for the purposes of our legitimate interests or those of a third party. Your data will no longer be processed after objection, unless there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You can object to data processing for the purpose of direct advertising at any time with effect for the future.
  • Withdrawal of consent
    If you have separately given your consent to the processing of your data, you can withdraw this at any time. Such a withdrawal will affect the permissibility of processing your personal data after you have given it to us.

If you take a measure to enforce your rights under the GDPR listed above, TWH must respond to the requested measure or comply with the request without undue delay, but at the latest within one month of receipt of your request.

We will respond to all reasonable requests within the legal framework free of charge and as promptly as possible.

The data protection authority is responsible for applications concerning violations of the right to information, violations of the right to confidentiality, rectification or erasure. Their contact details are

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
dsb@dsb.gv.at

10. contact information / contact person

a. Contact information of the person responsible

Momen Moshref
General Manager/Managing Director

Phone: +43 732 78990
Mobile: +43 699 1836 3946
E-Mail: Momen.Moshref@TWHotels.eu

TRANS WORLD HOTELS Austria GmbH
Am Winterhafen 13, 4020 Linz-AT
www.transworldhotels.com

b. Contact information of the data protection officer

Philipp Summereder
(Lawyer / Partner)

Summereder Pichler Wächter Attorneys at Law GmbH
Dr. Herbert-Sperl-Ring 3, A - 4060 Leonding
office@spwr.at | +43 732 272887 | www.spwr.at
FN 441762a LG Linz | ADVM code P430533

Status: May 2024