Privacy policy

Privacy

We have drawn up this data protection declaration (version 07.10.2019-121174110) in order to explain to you, in accordance with the provisions of the Data Protection Basic Regulation (EU) 2016/679 and the Data Protection Act (DSG), what information we collect, how we use data and what decision-making options you have as a visitor to this website.

Unfortunately, it is in the nature of things that these explanations sound very technical. However, we have tried to describe the most important things as simply and clearly as possible.

Automatic data storage

When you visit websites today, certain information is automatically created and stored, including on this website.

When you visit our website as you are visiting it right now, our web server (the computer on which this website is stored) automatically stores information such as

the address (URL) of the accessed web page

Browser and browser version

the operating system used

the address (URL) of the previously visited page (referrer URL)

the host name and IP address of the device being accessed

Date and time

in files (web server log files).

Usually web server log files are stored for two weeks and then automatically deleted. We do not pass on this data, but cannot exclude the possibility that this data may be viewed in the event of illegal behavior.

Cookies

Our website uses HTTP cookies to store user-specific data.
In the following we explain what cookies are and why they are used so that you can better understand the following privacy policy.

What exactly are cookies?

Whenever you surf the Internet, you are using a browser. Some well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is not to be dismissed: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, since there are other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, quasi the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the "user-related" information back to our site. Thanks to the cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner sites (e.g. Google Analytics). Each cookie is unique because each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans or other "malware". Cookies also cannot access information on your PC.

For example, cookie data may look like this:

Name: _ga
Value: GA1.2.1326744211.152121174110 Purpose: differentiation of website visitors
Expiration date: after 2 years

A browser should be able to support these minimum sizes:

At least 4096 bytes per cookie

At least 50 cookies per domain

At least 3000 cookies in total

What types of cookies are there?

The question which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point we would like to briefly discuss the different types of HTTP cookies.

One can distinguish between 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues surfing on other pages and only goes to checkout later. These cookies do not delete the shopping cart, even if the user closes his browser window.

Useful cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and the behavior of the website in different browsers.

Target-oriented cookies
These cookies ensure a better user experience. For example, entered locations, font sizes or form data are stored.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very practical, but also very annoying.

Usually the first time you visit a website, you will be asked which of these types of cookies you would like to allow. And of course this decision is also stored in a cookie.

How can I delete cookies?

How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option of deleting, deactivating or only partially allowing cookies. For example, you can block third-party cookies, but allow all other cookies.

If you want to find out which cookies are stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you do not wish to receive cookies, you can set your browser to notify you whenever a cookie is set. In this way, you can decide for each individual cookie whether or not you wish to accept it. The procedure varies depending on the browser. The best way to find the instructions is to search Google using the search term "Delete Chrome cookies" or "Disable Chrome cookies" in the case of a Chrome browser.

What about my privacy?

Since 2009 there are the so-called "cookie guidelines". This states that the storage of cookies requires your consent. Within the EU countries, however, there are still very different reactions to these guidelines. In Austria, however, this directive was implemented in § 96 para. 3 of the Telecommunications Act (TKG).

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Storage of personal data

Personal information that you submit to us electronically on this website, such as your name, e-mail address, postal address or other personal information when submitting a form or comments on the blog, together with the time and IP address, will only be used by us for the purpose stated, kept secure and not disclosed to third parties.

Thus, we use your personal data only for communication with those visitors who expressly request contact and for the processing of the services and products offered on this website. We will not pass on your personal data without your consent, but we cannot exclude the possibility that this data may be viewed in the event of unlawful behaviour.

If you send us personal data by e-mail - thus off this website - we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data by e-mail without encryption.

Rights in accordance with the basic data protection regulation

In accordance with the provisions of the DSGVO and the Austrian Data Protection Act (DSG), you have the following rights:

Right to correction (Article 16 DSGVO)

Right of deletion ("right to be forgotten") (Article 17 DSGVO)

Right to restrict processing (Article 18 DSGVO)

Right of notification - Obligation to notify in connection with the correction or deletion of personal data or the restriction of processing (Article 19 DPA)

Right to data transferability (Article 20 DSGVO)

Right of objection (Article 21 DSGVO)

Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 DPA)

If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority, which in Austria is the data protection authority, whose website you can find at https://www.dsb.gv.at/.

Evaluation of visitor behavior

In the following data protection declaration, we inform you whether and how we evaluate data from your visit to this website. The evaluation of the collected data is usually anonymous and we cannot draw any conclusions about your personal behavior on this website.

You can find out more about how to object to this evaluation of visit data in the following data protection declaration.

TLS encryption with https

We use https to transmit data tap-proof on the Internet (data protection through technology design article 25 paragraph 1 DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser and the use of the scheme https (instead of http) as part of our internet address.

Google Fonts Privacy Policy

On our website we use Google Fonts. These are the "Google Fonts" of the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

To use Google fonts, you do not need to log in or set a password. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google Account, you do not need to worry about your Google Account information being submitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this information securely. We will see in detail how the data storage looks exactly.

What are Google Fonts?

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google LLC makes available to its users free of charge.

Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts we can use fonts on our own website, and we don't have to upload them to our own server. Google Fonts is an important component to keep the quality of our website high. All Google fonts are automatically optimized for the web and this saves data volume and is a great advantage especially for use on mobile devices. If you visit our site, the low file size ensures a fast loading time. Furthermore, Google fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can visually distort some texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So we use Google Fonts to make our entire online service as beautiful and consistent as possible.

What data does Google store?

When you visit our website, the fonts are reloaded via a Google server. This external call transfers data to the Google servers. In this way Google also recognizes that you or your IP address is visiting our website. The Google Fonts API was developed to reduce the use, storage and collection of end user data to what is necessary for a proper provision of fonts. By the way, API stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software sector.

Google Fonts securely stores CSS and font requests at Google and is therefore protected. Through the collected usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the BigQuery database of Google Fonts. Entrepreneurs and developers use Google's BigQuery web service to examine and move large amounts of data.

However, it should also be noted that each Google Font request automatically sends information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets for one day on your servers, which are mainly located outside the EU. This allows us to use the fonts with the help of a Google style sheet. A stylesheet is a style template that allows you to easily and quickly change e.g. the design or font of a web page.

The font files are stored at Google for one year. Google's goal is to improve the loading time of web pages. If millions of web pages link to the same fonts, they are cached after the first visit and reappear immediately on all other web pages visited later. Sometimes Google updates font files to reduce file size, increase language coverage and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for a day or a year cannot simply be deleted. The data is automatically transferred to Google when the page is viewed. To delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=121174110. In this case you only prevent data storage if you do not visit our site.

Unlike other web fonts, Google allows us unlimited access to all fonts. So we have unlimited access to a sea of fonts and can thus get the optimum for our website. You can find more information about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=121174110. Although Google addresses privacy issues there, really detailed information about data storage is not included. It is relatively difficult to get really detailed information about stored data from Google.

You can also find out which data is basically collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

Google Maps Privacy Policy

On our website we use Google Maps from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). With Google Maps we can show you locations better and thus adapt our service to your needs. By using Google Maps, data is transferred to Google and stored on Google's servers. Here we would like to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.

What is Google Maps?

Google Maps is an internet map service of the company Google Inc. With Google Maps you can search online via a PC or an app for exact locations of cities, sights, accommodations or companies. If companies are represented on Google My Business, additional information about the company is displayed next to the location. In order to display the directions, map sections of a location can be integrated into a website using HTML code. Google Maps shows the surface of the earth as a road map or as an aerial or satellite image. Thanks to street view images and high-quality satellite images, accurate representations of a location are possible.

Why do we use Google Maps on our website?

All our efforts on this site are aimed at providing you with a useful and meaningful time on our website. By integrating Google Maps we can provide you with the most important information about various locations. Thanks to Google Maps you can see at a glance where we have our headquarters. The route description always shows you the best or fastest way to reach us. You can call up the directions for routes by car, public transport, on foot or by bicycle. For us the provision of Google Maps is part of our customer service.

What data is stored by Google Maps?

In order for Google Maps to be able to offer its service completely, the company must collect and store data about you. This includes the search terms you enter, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the entered start address is also stored. However, this data storage happens on the websites of Google Maps. We can only inform you about it, but we cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google uses this data primarily to optimize its own services and to provide individual, personalized advertising for you.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ121174110 Purpose: NID is used by Google to match ads to your Google search. Google uses the cookie to "remember" your most frequently entered search queries or your previous interaction with ads. So you always get customized ads. The cookie contains a unique ID that Google uses to collect your personal preferences for advertising purposes.
Expiration date: after 6 months

Note: We cannot guarantee the completeness of the stored data. Especially when using cookies, changes in Google can never be ruled out. In order to identify the cookie NID, a separate test page was created where only Google Maps was integrated.

How long and where is the data stored?

The Google servers are located in data centers around the world. However, most of the servers are located in America. For this reason, your data is also increasingly stored in the USA. Here you can find out exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de

Google distributes the data on different data carriers. This way the data can be accessed more quickly and is better protected against possible manipulation attempts. Each data center also has special emergency programs. If, for example, there are problems with the Google hardware or a natural disaster paralyses the servers, the data is still protected with pretty sure.

Some data is stored by Google for a fixed period of time. For other data Google only offers the possibility to delete them manually. The company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 and 18 months respectively.

How can I delete my data or prevent data storage?

With the automatic deletion of location and activity data introduced in 2019, location and web/app activity information is stored for either 3 or 18 months, depending on your decision, and then deleted. You can also manually delete this data from your history at any time via your Google Account. If you want to completely prevent your location data from being recorded, you must pause the "Web and App activity" section in your Google Account. Click "Data and personalization" and then click the "Activity setting" option. Here you can turn the activities on or off.

You can also disable, delete or manage individual cookies in your browser. Depending on which browser you use, this always works slightly differently. The following instructions show you how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you do not wish to receive cookies, you can set your browser to notify you whenever a cookie is set. In this way, you can decide for each individual cookie whether you want to allow it or not.

Google is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG. If you want to learn more about Google's data processing, we recommend that you read the company's own privacy policy at https://policies.google.com/privacy?hl=de.

Google Analytics Privacy Policy

We use Google Analytics from Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on this website to statistically evaluate visitor data. Google Analytics uses target-oriented cookies for this purpose.

Cookies from Google Analytics

_ga

Expiration period: 2 years

Usage: differentiation of website visitors

Example value: GA1.2.1326744211.152121174110

_gid

Expiration time: 24 hours

Usage: differentiation of website visitors

Example value: GA1.2.1687193234.152121174110

_gat_gtag_UA_

Sequence time: 1 minute

Use: Is used to throttle the request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is named _dc_gtm_ .

Example value: 1

For more information on terms of use and privacy, please visit http://www.google.com/analytics/terms/de.html or https://support.google.com/analytics/answer/6004245?hl=de.

Pseudonymization

Our concern in terms of the DSGVO is the improvement of our offer and our web presence. Since the privacy of our users is important to us, the user data is pseudonymized.

Deactivation of data collection by Google Analytics

Using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js), website visitors can prevent Google Analytics from using their data.

You can prevent the collection of data generated by the cookie and related to your use of the website to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Google Analytics reports on demographic characteristics and interests

We have enabled the advertising reporting features in Google Analytics. The demographic and interest reports include information on age, gender and interests. This enables us to get a better picture of our users without having to assign this data to individual persons. You can learn more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can stop using the activities and information of your Google Account by checking the checkbox under "Advertising settings" on https://adssettings.google.com/authenticated.

Google Analytics add-on for data processing

We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting the "Data Processing Addendum" in Google Analytics.

You can find out more about the data processing addendum for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

Source: Created with the data protection generator of content marketing agency AdSimple.at in cooperation with Dr. Wallentin

Video surveillance

We have set up video surveillance in our company. This data protection declaration applies to all persons affected by the video surveillance of our company (company name Stadthotel Oberndorf GmbH, hereinafter Stadthotel Oberndorf). We hereby inform you about the type, scope and purpose of the collection and use of your personal data by our company in this context. We respect your privacy and endeavour to strictly comply with the legal requirements for the processing of your personal data (EU Regulation No. 679/2016 (DSGVO), DSG and TKG 2003). All your personal data will be processed on this basis.

Video surveillance is used for the preventive protection of the property, integrity and safety of our hotel guests and customers, but also of our company and our employees. The video surveillance affects all entrances to the hotel, the generally accessible rooms and open spaces within the hotel building and the outbuilding. 

These surveillance measures serve to secure evidence in the event of an incident for the prosecution of criminal offences and to protect and defend our claims, but also the claims of our hotel guests, employees and other injured third parties and to fulfil the legal interests and obligations of us and the aforementioned groups of persons. For this purpose, we collect the following data from persons who are in the video-monitored area: Image data of the persons concerned including place and time of recording. 

As far as it is not merely a real-time transmission, the data is stored for up to 72 hours. Exceptionally, in a specific case, longer storage, transfer (e.g. to courts, security authorities, legal representatives) and other processing will take place as long as this is necessary for the execution of the associated legal or official proceedings and disputes. If there is no occasion and no other legal storage obligations are to be observed, the video recordings will be deleted after 72 hours. 

In the event of an incident, we are entitled to transfer data to the competent authorities and courts as well as to insurance companies and persons who derive claims from actions that have been documented within the scope of video surveillance, and to their legal representatives. We would like to point out that in exceptional cases, courts may order publication of the recordings.

We do not use automated decision making or profiling. We take appropriate technical and organizational security measures to ensure that your data is processed in compliance with the German Data Protection Act. The video recordings are encrypted and can only be viewed by authorized persons at a secure location with a computer not connected to the IT network of our company. The video surveillance is carried out in the Stadthotel Oberndorf with the program HiLook. The data is not transmitted to the company. 


Responsible for data processing is the Stadthotel Oberndorf.

Our data protection coordinator is the managing director Kerstin Zangl.  

Rights of data subjects / objection / contact:
You can request information about your personal data stored by us free of charge at any time. As the person concerned, you also have the right to object to, obtain information about, delete, correct, restrict and transfer your personal data. Since we process the data on the basis of our legitimate interests, you have a fundamental right to object if there are reasons arising from your particular situation that speak against such processing. 

The Austrian Data Protection Authority (DSB), Barichgasse 40-42, 1030 Vienna, is the competent supervisory authority for complaints.

Miscellaneous
We reserve the right to change this privacy policy at any time and to adapt it to new developments. The new version is valid from the time it is made available on our website and/or posted on our premises. The current version of the data protection declaration is available at any time on our website at www.stadthotel-oberndorf.at, our imprint at www.stadthotel-oberndorf.at .