Find your perfect match!

Find your perfect match!

Arrival

Departure

-

-

  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • Su
Save

Occupancy

  • Occupancy
  • Rooms
    1
  • Adults
    2
  • Children
    0
Save

Save code


DATA PROTECTION POLICY "Smartbooker"

Vienna House Hotelmanagement GmbH

  1. Processing activity
    Customer loyalty programme "Smartbooker"

  2. Verantwortlicher
    Vienna House Hotelmanagement GmbH ("VIENNA HOUSE")
    Business address: Dresdner Straße 87, 1200 Vienna, Austria
    Telephon: +43 1 333 73 73-0
    Email: office[a]viennahouse.com

  3. Purposes of data processing
    • On the legal basis of fulfilling or preparing the agreement
      1. Operating the customer loyalty programme "Smartbooker"
      2. Creation and administration of the online Smartbooker account
      3. Provision of communication- and booking channels to disseminate content, service customer relationships
      4. Increasing customer satisfaction and customer loyalty by organising competitions, events and surveys
    • • On the legal basis of (overriding) legitimate interests of VIENNA HOUSE: Direct advertisement
      1. Re-acquiring old customers and acquiring new customers
      2. Disseminating/playing advertisement for (further) goods and services of VIENNA HOUSE by use of direct advertisement ("marketing purposes") insofar as this is legally permissible
      3. Analysing the personal preferences of customers for targeted dissemination of advertisement with the goal of avoiding dispersion losses (by using profiling, see Point 9.)

  4. Changes to purpose (Forwarding)
    Direct advertisement:
    VIENNA HOUSE hereby informs that it also processes customers' personal data for the purposes of direct advertisement (incl. profiling). VIENNA HOUSE intends to use direct advertisement to aid in the marketing of advertised (proprietary or third-party) products. The data will not be passed onto any (non-group-affiliated) third parties for this purpose There is no incompatibility with the purpose of the original data collection.

  5. Objecting to processing for the purposes of direct advertisement:
    The customer can object to the use of their personal data for direct advertisement (including "profiling") at any time without providing any reasons to the controller. By lodging an objection, VIENNA HOUSE can no longer use the customer's personal detail for these purposes in future.

  6. Legal basis of data processing
    1. Smartbooker: Fulfilment or preparation of the agreement
    2. Direct advertisement (incl. profiling): overriding legitimate interests of VIENNA HOUSE (see Point 8.)

  7. Description of the (overriding) legitimate interests for the purposes of direct advertising:
    VIENNA HOUSE also processes customer data (however, not the data of children or special categories personal data within the meaning of Art. 9 GDPR ("sensitive data")) to use said data for the purposes of direct advertisement for (further) products of companies affiliated with VIENNA HOUSE (see also Point 5.). VIENNA HOUSE has a legitimate interest in processing personal data for the purposes of direct advertisement (Recital 47, last section of GDPR). This solely involves the processing of customer data in the possession of VIENNA HOUSE from the contractual relationship and for which the retention period still applies. This does not involve an extension to the retention period. The primary goal of data processing is acquiring and holding onto customers with the objective of bringing them into a (preliminary) contractual relationship. VIENNA HOUSE relies on its constitutionally protected freedom of running a business (Art. 6 StGG (Austrian Constitution)) and freedom of communication (particularly Art. 10 ECHR, which also protects advertising measures), and on those rights
    • To send postal advertisement;
    • To make advertising calls following consent;
    • To send electronic mail following consent;
    • To send electronic mail in accordance with Section 107 Para. 3 of the Telecommunication Act (TKG);
    VIENNA HOUSE complies with legal, communication-related requirements while using this data, particularly those of Section 107 TKG.

    • Data processing within the group:
    VIENNA HOUSE is part of a corporate group. VIENNA HOUSE uses group-affiliated companies on a collaborative basis to fulfil its extensive obligations (processing bookings via a central booking system, payment systems, marketing, accounting, etc.). VIENNA HOUSE has a legitimate interest therein (Recital 48 of GDPR).
    This particularly relates to the management of booking data from all group-affiliated companies performed via a central booking system. This database is maintained by VIENNA HOUSE; data is saved and managed centrally. The data is inputted directly by the customer, the subsidiary hotel, or the booking agent depending on the booking. Group-affiliated companies have access to this database for the purposes of contractual fulfilment (performing bookings, capacity planning, etc.).

  8. Analyses of personal aspects of the customer ("profiling")
    Gathering and storing
    VIENNA HOUSE stores customer activities (e.g. redemption of points, orders, complaints, special services, personal preferences, response to offers etc.) to enable optimal customer care and to ensure relevant and targeted measures can be used to improve satisfaction and customer retention, and to adjust the service on an individual basis.
    Analysis of personal interests
    VIENNA HOUSE stores purchasing behaviour, such as responses to certain offers, and deduces specific personal interests from this in order to prevent dispersion losses (and to minimise data processing operations) within direct marketing. VIENNA HOUSE uses these analysed interests in order to communicate targeted, interest-specific offers and advertising to customers. Especially to communicate advertisement to retain customer and avoid dispersion losses in advertising.

  9. Objecting to "profiling":
    The customer can object to the use of their personal data for the purposes of profiling at any time without providing any reasons to the controller. By lodging an objection, VIENNA HOUSE can no longer use the customer's personal detail for the purpose of profiling in future.

  10. Obligation to provide data
    There is no obligation to provide data However, it is difficult to imagine any meaningful use of the customer club services without providing data.

  11. Automated decision-making
    The customer is not subject to any automated decision that has a legal effect upon them.

  12. Types of data processed
    Disclosed by customer:
    First and last name; Address(es); Telephone and tax number(s); Email address(es); Date of birth; Salutation; Title
    Gathered by VIENNA HOUSE additionally:
    Origin of data provided; Turnover total of bookings from the last 12 months; Current offers for customers; Management of customer card (shipping, validity, etc.); In the online area: login for registered users and behaviour; Communication history, campaign development

  13. External recipients of data
    Communication of electronic identification data to controllers
    Group companies: A list of current group companies can be found here.
    Categories of external commercial service providers:
    Tax consultants/accountants; Lawyers; Banks and payment service providers; Collection agency; Software, hardware supplier; Postal service provider; Printers; IT service providers
    Contact can be made with all external recipients via VIENNA HOUSE for all data protection queries.

  14. Transfer to third states
    No data is transferred to third states outside the EU as part of data processing:

  15. Retention period
    Due to the legal bases mentioned above, VIENNA HOUSE generally continues to process guest data for an additional 40 months following the end of the agreement (= 36 months for potential contractual damage claims + max. 4 months to file suit) in a manner which is personally identifiable, and thereafter deletes the data (or at least the data which allows reference to be drawn to the data subject's identity). Personally-identifiable processing of invoice data is then performed until the statutory retention obligations have expired (e.g. the Federal Fiscal Code currently stipulates 7 years).

  16. Customer rights
    • Art. 15 GDPR "Right of access": The customer has the right to obtain confirmation as to whether their personal data is being processed.
    • Art. 16 GDPR "Rectification": The customer has the right to have inaccurate or incomplete personal data rectified.
    • Art. 17 GDPR "Erasure": The customer has the right to demand the erasure of personal data without undue delay where the grounds stated under Art. 17 Para. 1 GDPR apply.
    • Art. 18 GDPR "Restriction": The customer has the right to demand that the processing of personal data is restricted where the grounds stated under Art. 18 Para. 1 GDPR apply.
    • Art. 20 GDPR "Data portability": The customer has the right to receive their personal data in a structured, commonly used and machine-readable format.
    • Art. 21 GDPR "Objection to profiling" Objecting to profiling: the customer has the right to lodge an objection at any time to the processing of their personal data for the purposes of profiling.
      Objecting to direct advertisement: the customer has the right to lodge an objection at any time to the processing of their personal data for the purposes of direct advertisement.

  17. Right to lodge a complaint
    Art. 77 GDPR Section 24 Austrian Personal Data Protection Act (DSG)
    Every customer has the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes this regulation.

  18. Supervisory authority
    Austria
    Austrian Data Protection Authority
    Barichgasse 40-42, 1030 Vienna, Austria
    Tel.: +43 1 52 152-0
    E-Mail: [email protected]

    Czech Republic
    The Office for Personal Data Protection
    Urad pro ochranu osobnich udaju
    Pplk. Sochora 27
    170 00 Prague 7
    Tel.: +420 234 665 111
    Fax: +420 234 665 444
    E-Mail: [email protected]
    www.uoou.cz

    Germany
    Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
    Husarenstraße 30
    53117 Bonn
    Tel.: +49 228 997799 0; +49 228 81995 0
    Fax: +49 228 997799 550; +49 228 81995 550
    E-Mail: [email protected]
    www.bfdi.bund.de
    The competence for complaints is split among different data protection supervisory authorities in Germany. Competent authorities can be identified according to the list provided under www.datenschutz-wiki.de/Aufsichtsbeh%C3%B6rden_und_Landesdatenschutzbeauftragte

    Poland
    Personal Data Protection Office
    ul. Stawki 2, 00-193 Warsaw
    Tel.: +48 22 53 10 300
    Fax: +48 22 53 10 30
    Infoline: +48 606 950 000
    E-Mail: [email protected]
    www.uodo.gov.pl

    Romania
    The National Supervisory Authority for Personal Data Processing
    Opre B-dul Magheru 28-30 Sector 1
    BUCUREŞTI
    Tel.: 40.318.059.211
    Fax: 40.318.059.602
    E-Mail: [email protected]
    www.dataprotection.ro

    Slovakia
    Office for Personal Data Protection of the Slovak Republic
    Hraničná 12, 820 07
    Bratislava 27
    Tel.: + 421 2 32 31 32 14
    Fax: + 421 2 32 31 32 34
    E-Mail: [email protected]
    www.dataprotection.gov.sk

Version: Feb 2020

Download PDF