Find your perfect match!

Find your perfect match!

Arrival

Departure

-

-

  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • Su
Save

Occupancy

  • Occupancy
  • Rooms
    1
  • Adults
    2
  • Children
    0
Save

Save code


DATA PROTECTION POLICY "Newsletter customer"

Vienna House Hotelmanagement GmbH

  1. Processing activity
    Marketing of online information offers via a newsletter for registered customers

  2. Controller
    Vienna House Hotelmanagement GmbH ("VIENNA HOUSE")
    Business address: Dresdner Straße 87, 1200 Vienna, Austria
    Telephone: +43 1 333 73 73-0
    Email: office[a]viennahouse.com

  3. Purposes of data processing
    • On the legal basis of fulfilling or preparing the agreement
      1. Sending of online information offers concerning VIENNA HOUSE products and services to registered users/customers (consumers and entrepreneurs)
      2. Maintaining information from the customer before, during and after their stay
      3. Increasing customer satisfaction and customer retention by organising competitions, events and surveys
      4. Provision of communication channels to VIENNA HOUSE for servicing the contractual relationship
      5. Managing requests to unsubscribe from the newsletter, promotional offers, tourism offers or satisfaction surveys
      6. Dissemination of proprietary and third-party advertisement within online information offers and products
    • • On the legal basis of (overriding) legitimate interests of VIENNA HOUSE: Direct advertisement
      1. Re-acquiring old customers and acquiring new customers
      2. Gathering of user numbers for products for the purposes of documenting reach
      3. Maintaining customer satisfaction and customer retention (by using profiling, see Point 9.)
      4. Disseminating/playing advertisement for offers and services of VIENNA HOUSE by use of direct advertisement ("marketing purposes") insofar as this is legally permissible
      5. Improving the services of VIENNA HOUSE by conducting surveys and analysing questionnaires, managing claims/complaints and offering the benefits of loyalty programmes

  4. Changes to purpose (Forwarding)
    Direct advertisement
    VIENNA HOUSE hereby informs that it processes customers' personal data for the purposes of direct advertisement (incl. profiling). VIENNA HOUSE intends to use direct advertisement to aid in the marketing of advertised (proprietary or third-party) services and products. The data will not be passed onto any (non-group-affiliated) third parties for this purpose. There is no incompatibility with the purpose of the original data collection.

  5. Objecting to processing for the purposes of direct advertisement:
    The customer can object to the use of their personal data for direct advertisement (including "profiling") at any time without providing any reasons to the controller. By lodging an objection, VIENNA HOUSE can no longer use the customer's personal detail for these purposes in future.

  6. Legal basis of data processing
    1. Sending of newsletter: Fulfilment or preparation of the agreement: Use of the newsletter service is based on an agreement within the meaning of Art. 6 Para. 1 lit b GDPR . VIENNA HOUSE hereby discloses that it makes use of third-party content (such as links, Pixel, plug-ins) when performing its contractual services. Due to technical circumstances when accessing content/the Internet, VIENNA HOUSE automatically sends electronic identification data, particularly IP address and user's browser settings, when loading online pages to third parties, who further process the data under their own responsibility.
    2. Direct advertisement (incl. profiling): overriding legitimate interests of VIENNA HOUSE (see Point 8.)

  7. Description of the (overriding) legitimate interests for the purposes of direct advertisement:
    VIENNA HOUSE also processes customer data (however, not the data of children or special categories personal data within the meaning of Art. 9 GDPR ("sensitive data")) to use said data for the purposes of direct advertisement for (further) products of companies affiliated with VIENNA HOUSE (see also Point 5.). VIENNA HOUSE has a legitimate interest in processing personal data for the purposes of direct advertisement (Recital 47, last section of GDPR). This solely involves the processing of customer data in the possession of VIENNA HOUSE from the contractual relationship and for which the retention period still applies. This does not involve an extension to the retention period. The primary goal of data processing is acquiring customers with the objective of bringing them into a (preliminary) contractual relationship and retaining them as customers. VIENNA HOUSE relies on its constitutionally protected freedom of running a business (Art. 6 StGG (Austrian Constitution)) and freedom of communication (particularly Art. 10 ECHR, which also protects advertising measures), and on those rights
    • To send postal advertisement;
    • To make advertising calls following consent;
    • To send electronic mail following consent;
    • To send electronic mail in accordance with Section 107 Para. 3 of the Telecommunication Act (TKG);
    VIENNA HOUSE complies with legal, communication-related requirements while using this data, particularly those of Section 107 TKG.
    • Data processing within the group:
      VIENNA HOUSE is part of a corporate group. VIENNA HOUSE uses group-affiliated companies on a collaborative basis to fulfil its extensive obligations (processing bookings via a central booking system, payment systems, marketing, accounting, etc.). VIENNA HOUSE has a legitimate interest therein (Recital 48 of GDPR).
      This particularly relates to the management of booking data from all group-affiliated companies performed via a central booking system. This database is maintained by VIENNA HOUSE; data is saved and managed centrally. The data is inputted directly by the customer, the subsidiary hotel, or the booking agent depending on the booking. Group-affiliated companies have access to this database for the purposes of contractual fulfilment (performing bookings, capacity planning, etc.).
    • IT security:
      VIENNA HOUSE saves the IP addresses of its customers for a period of 7 days in order to defend against targeted attacks in the form of overloading servers (denial of service attacks) and other damage to systems. VIENNA HOUSE has a legitimate interest in this form of data processing for the purposes of maintaining the functionality of its services provided online (Recital 49 of GDPR).

  8. Analyses of personal aspects of the customer ("profiling")
    Gathering, storing:
    VIENNA HOUSE stores user behaviour (e.g. reading behaviour, links opened etc.) in a central database to enable optimal customer care and to ensure relevant and targeted measures can be used to improve satisfaction and customer retention, and to adjust the service on an individual basis.
    Analysis of personal interests:
    VIENNA HOUSE stores user behaviour and deduces specific personal interests from this in order prevent dispersion losses (and to minimise data processing operations) when playing advertising content and within direct marketing. VIENNA HOUSE uses these analysed interests in order to communicate targeted, interest-specific offers and advertising to customers and thus prevent dispersion loss in advertising.

  9. Objecting to "profiling":
    The customer can object to the use of their personal data for the purposes of profiling at any time without providing any reasons to the controller. By lodging an objection, VIENNA HOUSE can no longer use the customer's personal detail for the purpose of profiling in future. This information remains stored until you unsubscribe from the newsletter. Once unsubscribed, we store the data in an anonymous form purely for statistical purposes.

  10. Obligation to provide data
    Customers are under no obligation to provide data.

  11. Automated decision-making
    The customer is not subject to any automated decision that has a legal effect upon them.
  12. Types of data processed
    Disclosed by customer:
    Email address;
    Disclosed voluntarily by the customer:
    Title; Name; Country; Language; Interests
    Gathered by VIENNA HOUSE additionally:
    Origin of data provided; Campaign development; Interests; IP addresses (log files); End device data (device ID); Browser used; Device used; Type of transmission, e.g. encrypted; Timestamp: date and time Initial and recurring (update); Session ID; Login data (email and encrypted password); Login checks – successful and failed logins; Interface information feature (API token)

  13. Data sources (Unless not gathered from customer)
    Statistical data: Statistik Austria: Robinson entries (list protecting consumers against unsolicited advertisement via post, email, telephone and fax)

  14. External recipients of data
    Communication of electronic identification data to controllers:
    Quelle | Datenarten
    Google Analytics, services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |Anonymised IP address, name of website, browser-specific information, information on website use
    „Social-plug-ins“: Facebook Inc., 1 Hacker Way, 94025 Menlo Park, USA; Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Youtube LLC, principal place of business in 901 Cherry Avenue, San Bruno, CA 94066, USA - represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; LinkedIn Ireland UC.; Wilton Place,Dublin 2, Irland | IP address, URLs, cookies and data on browser settings
    For more detailed information on the types of data processing mentioned above can be found under „Cookie information“ on our website.

  15. External recipients of data – group companies and commissioned data processors:
    Commissioned data processor:
    • Tax consultants/accountants
    • Lawyers
    • Banks and payment service providers
    • Collection agency
    • Telecommunication providers (sending of newsletter)
    • IT service providers
    Contact can be made with all group companies and commissioned data processors via VIENNA HOUSE for all data protection queries.
    Transfer to third states
    The following data is transferred to third states outside the EU as part of data processing:
    Country | Application | Types of data
    USA (EU-US Privacy Shield) | Google Analytics | anonymised IP address, name of website, browser-specific information, information on website use
    USA (EU-US Privacy Shield) | Facebook, Twitter, Instagram, Youtube | Social-Plug-ins and Pixel: IP address, name of website, browser-specific information, information on website use with opt-in

  16. Retention period
    Registered customers (newsletter subscribers): Data from registered customers is processed by the controller upon the legal bases mentioned above for the duration of the contractual relationship. The data can be modified and deleted by the controller at any time. However, the usage agreement ends upon cancellation of the newsletter subscription, which leads to immediate deletion.

  17. Customer rights
    • Art. 15 GDPR "Right of access": The customer has the right to obtain confirmation as to whether their personal data is being processed.
    • Art. 16 GDPR "Rectification": The customer has the right to have inaccurate or incomplete personal data rectified.
    • Art. 17 GDPR "Erasure": The customer has the right to demand the erasure of personal data without undue delay where the grounds stated under Art. 17 Para. 1 GDPR apply.
    • Art. 18 GDPR "Restriction": The customer has the right to demand that the processing of personal data is restricted where the grounds stated under Art. 18 Para. 1 GDPR apply.
    • Art. 20 GDPR "Data portability": The customer has the right to receive their personal data in a structured, commonly used and machine-readable format.
    • Art. 21 GDPR "Objection to profiling" Objecting to profiling: the customer has the right to lodge an objection at any time to the processing of their personal data for the purposes of profiling.
      Objecting to direct advertisement: the customer has the right to lodge an objection at any time to the processing of their personal data for the purposes of direct advertisement.

  18. Right to lodge a complaint
    Art. 77 GDPR Section 24 Austrian Personal Data Protection Act (DSG)
    Every customer has the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes this regulation.

  19. Supervisory authority
    Austria
    Austrian Data Protection Authority
    Barichgasse 40-42, 1030 Vienna, Austria
    Tel.: +43 1 52 152-0
    E-Mail: [email protected]

    Czech Republic
    The Office for Personal Data Protection
    Urad pro ochranu osobnich udaju
    Pplk. Sochora 27
    170 00 Prague 7
    Tel.: +420 234 665 111
    Fax: +420 234 665 444
    E-Mail: [email protected]
    www.uoou.cz

    Germany
    Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
    Husarenstraße 30
    53117 Bonn
    Tel.: +49 228 997799 0; +49 228 81995 0
    Fax: +49 228 997799 550; +49 228 81995 550
    E-Mail: [email protected]
    www.bfdi.bund.de
    The competence for complaints is split among different data protection supervisory authorities in Germany. Competent authorities can be identified according to the list provided under www.datenschutz-wiki.de/Aufsichtsbeh%C3%B6rden_und_Landesdatenschutzbeauftragte

    Poland
    Personal Data Protection Office
    ul. Stawki 2, 00-193 Warsaw
    Tel.: +48 22 53 10 300
    Fax: +48 22 53 10 30
    Infoline: +48 606 950 000
    E-Mail: [email protected]
    www.uodo.gov.pl

    Romania
    The National Supervisory Authority for Personal Data Processing
    Opre B-dul Magheru 28-30 Sector 1
    BUCUREŞTI
    Tel.: 40.318.059.211
    Fax: 40.318.059.602
    E-Mail: [email protected]
    www.dataprotection.ro

    Slovakia
    Office for Personal Data Protection of the Slovak Republic
    Hraničná 12, 820 07
    Bratislava 27
    Tel.: + 421 2 32 31 32 14
    Fax: + 421 2 32 31 32 34
    E-Mail: [email protected]
    www.dataprotection.gov.sk

Version: February 2020

Download PDF