Request & booking
Contact
Hotel-Gasthof Goldener Löwe
Familie Schöser, Hußlstraße 4
6130 Schwaz, Tyrol, Austria

Phone: +43 5242 623730
Fax: +43 5242 6237344
E-Mail: info@goldenerloewe.at
www.goldenerloewe.at
You are here: goldenerloewe.at » Privacy Policy
Data Privacy Policy

We are excited about and would like to thank you for your interest in our business. Our management team at HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU takes data protection extremely seriously. In general, the use of HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU’s websites is possible without the disclosure of personal data. However, should a concerned party make use of certain special services which our business provides on our website, the processing of said respective party’s personal data could become necessary. Should the processing of personal data be required and should there not be a legal requirement to perform such actions, we generally ask for the respective concerned party’s permission to do so.

 

The processing of a concerned party’s personal data, for instance their name, mail address, e-mail address or phone number (see Attachment A), always occurs in compliance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection laws effective and applicable for HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU. This data privacy policy serves as a means for our business to inform and educate the public on the type and scope of and reason for our collection, usage and processing of personal data. Furthermore, said data privacy policy informs concerned parties about their rights.

 

In an effort to secure any processed personal data as much as possible the HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU, as responsible party in charge of data processing, has implemented numerous technical and organizational measures. Having said that, any internet-based transfer of data in general may be prone to security flaws so that complete protection can never be guaranteed in absolute terms. Due to the occasional risks associated with such web-based data transfers, a concerned party is at liberty to disclose their respective personal data to us in alternative ways, i.e. by e-mail or postal service.

 

1. Terminology:

 

The data privacy policy of HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER is based on the terminology and definitions used by the European guidelines committee and regulators at the enactment of the GDPR. Our data privacy policy should be easily readable and understandable for the public as well as our customers and business partners alike. To ensure the aforementioned, we would first like to define the terms used.

 

In this data privacy policy, we frequently use the following terms:

 

a) Personal Data

 

Personal data is all information which refers to an identified or identifiable natural person (below “concerned party”). A natural person is considered identifiable if said natural person can be, directly or indirectly, identified by means of affiliation to identifying information. Said identifying information may be a name, a code/identification number, location data, online identifying information or one or more special characteristics which are expressions of physical, physiological, genetic, mental, economic, cultural or social identity of said natural person.

 

b) Concerned Party

 

A concerned party is every identified or identifiable natural person whose personal data is processed by the responsible party in charge of data processing.

 

c) Processing

 

Processing is every performed process or every such series of processes related to personal data, with or without the help of an automated process. Such activities include the acquisition, collection, organization, arrangement, storage, adjustment or change, sorting, inquiry, use, disclosure by transmission, distribution or another form of provision, reconciliation or connection, limitation, erasing or deletion of personal data.

 

d) Limitation of Processing

 

Limitation of processing is the labeling of stored personal data with the goal to limit its future processing.

 

e) Profiling

 

Profiling is every type of automated processing of personal data characterized by the use of said personal data in an effort to assess particular personal aspects related to a natural person and analyze or predict aspects related to work performance, economic position, health, personal preferences, interests, reliability, behavior, location or change of location.

 

f) Anonymization

Anonymization is the processing of personal data in such a way that said personal data can no longer be linked to a specific concerned party without the consultation of additional data, as long as said additional data is stored separately and underlies technical as well as organizational measures which guarantee that said personal data cannot be linked to an identified or identifiable natural person.

 

g) Responsible Party or Responsible Party in Charge of Data Processing

A responsible party or a responsible party in charge of data processing is the natural or legal person, authority, establishment or other type of body who decides, either alone or with others, about the purpose, scope and methods of personal data processing. If purpose, scope and methods of personal data processing are determined by union law or the law of member states, the responsible party or rather the respective criteria specified by the responsible party can be provided according to union law or member states law.

 

h) Order Processor

 

An order processor is a natural or legal person, authority, establishment or other type of body who processes personal data by order of the responsible party.

 

i) Recipient

 

A recipient is a natural or legal person, authority, establishment or other type of body personal data is disclosed to regardless of whether said recipient is a third party or not. However, authorities who receive, according to union law or member states law, potentially personal data in the context of a particular order inquiry are not considered recipients.

j) Third Party

 

A third party is a natural or legal person, authority, establishment or other type of body other than the concerned party, the responsible party, the order processor. Third parties further include individuals who are authorized to perform the processing of personal data under the liability of the responsible party or the order processor.

 

k) Consent

 

Consent is every case-associated voluntary, informed and unambiguously issued declaration of intention by the concerned party. Said declaration of intention may take the form of an actual declaration or another form of action which clearly and unambiguously proves the concerned party’s agreement to the processing of their respective personal data.

 

2. Name and Address of the Responsible Party in Charge of Data Processing

 

The responsible party as defined by the General Data Protection Regulation (GDPR), other effective data privacy laws of member states of the European Union and other regulations with a data privacy law-like nature is the following:

 

HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU

Herr Christian Schöser

Husslstraße 4

6130 Schwaz

Austria

+43 (0)5242 62373

E-Mail: info@goldenerloewe.at

Website: https://www.goldenerloewe.at

3. Collection of General Data and Information

Every time the concerned party or an automated system visits or accesses the website of HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU, said website collects a series of general data and information. Said general data and information are saved in the server’s log-files. The website can collect (1) the browser types and respective versions used, (2) the operating system used by the accessing system, (3) the internet website from which the accessing system has reached our website (so-called referrer), (4) the subsites which are accessed by an accessing system on our website, (5) the date and time of access to our website, (6) an Internet-Protocol address (IP-address), (7) the internet service provider of the accessing system and (8) other similar data and information which help to address and combat security concerns in the event of an attack on our information-technological systems.

Upon use of said general data and information, HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU does not draw any conclusions with regard to the concerned party. Said information is more so required to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as the advertising for it, (3) guarantee the ongoing operational capability of our information-technological systems and technology of our website as well as to (4) provide law enforcement with the necessary information to prosecute in the case of cyber attacks. The anonymously collected data and information is therefore evaluated both on a statistical level and with the purpose of increasing data protection and data security in our business. Said actions are ultimately taken to secure an optimal level of protection for the personal data we collect and process. The anonymous data of the server’s log-files are saved separately from all personal data specified by a concerned party.

IP-Anonymization:

 

We use the feature “Activation of IP-Anonymization” on this website. Through its respective use, your IP-address will be first truncated by Google within the member states of the European Union or other parties, i.e. countries, to the agreement on the European Economic Area. Only in special cases will the complete IP-address first be transferred to a Google server in the USA and truncated within the USA. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing the website operator with other services related to website and internet usage. The IP-address which your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google.

 

Privacy Statement Google Maps:

This website uses a map service called Google Maps over an API. The provider for said map service is Google Inc., 1600 Ampitheatre Parkway Mountain View, CA 94043, USA. To use the features of Google Maps it is necessary to save your IP-address. This information will generally be transferred to a Google server in the USA and stored within the USA. The provider of this website has no influence on such a data transfer.

 

You can find more information about the handling of user data in Google’s privacy statement: https://www.google.de/intl/de/policies/privacy/

 

Contact, Contact Form, Fast Booking and Booking Requests:

If you send us an enquiry via our contact form, quick form or booking form, we will save the personal data including any contact information you have indicated on the respective form used. This is necessary to process your request and in case there are any additional questions. We do not share your personal data and information without your explicit consent.

 

Google Analytics:

 

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files that will be placed on your computer in an effort to help the website analyze how users use the site. The information generated by the cookie about your usage of the website will be transmitted to and stored by Google on servers in the United States of America. In case IP-anonymization is activated on this website, your IP-address will be truncated within the area of member states of the European Union or other parties to the agreement on the European Economic Area. Only in special cases will the complete IP-address first be transferred to a Google server in the USA and truncated within the USA. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing the website operator with other services related to website and internet usage.

The IP-address which your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; However, we would like to inform you that in this case you may not be able to use the full functionality of this website. You further have the option to prevent the collection of personal data by Google, which has been generated by the cookie and concerns the usage of website data (including your IP-address) and prevent the disclosure of such data through Google by downloading and installing the available browser-plugin via the following link: http://tools.google.com/dlpage/gaoptout

Google Analytics Addendum:

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files that will be placed on your computer in an effort to help the website analyze how users use the site. The information generated by the cookie about your usage of the website will be transmitted to and stored by Google on servers in the United States of America. In case IP-anonymization is activated on this website, your IP-address will be truncated within the area of member states of the European Union or other parties to the agreement on the European Economic Area. Only in special cases will the whole IP-address first be transferred to a Google server in the USA and truncated within the USA. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing the website operator with other services related to website and internet usage.

The IP-address which your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; However, we would like to inform you that in this case you may not be able to use the full functionality of this website. You further have the option to prevent the collection of personal data by Google, which has been generated by the cookie and concerns the usage of website data (including your IP-address) and prevent the disclosure of such data through Google by downloading and installing the available browser-plugin via the following link: http://tools.google.com/dlpage/gaoptout

You can further prevent the tracking through Google Analytics by clicking on the following link. This will install an opt-out cookie which will prevent the future collection of data when visiting this website.

 

You can find more information about the terms of use and data protection under Google Analytics Conditions or Google Analytics Overview. We would like to inform you that on this website, Google Analytics has been enhanced by the code “gat._anonymizeIp();” to guarantee an anonymous collection of IP-addresses (so-called IP-Masking).

4. Routine-based Deletion and Sealing of Personal Data

The responsible party in charge of data processing processes and saves the personal data of a concerned party only for either the time period necessary to serve the intended purpose of said data saving or the time period set forth in laws or regulations by the European guidelines committee and regulators or another legislative authority whose jurisdiction the responsible party in charge of processing falls under.

If data saving no longer serves its intended purpose or the time period set forth by the European guidelines committee and regulators or another legislative authority whose jurisdiction the responsible party falls under has expired, said personal data is sealed or deleted in a routinely fashion and according to legal regulations.

5. Rights of the Concerned Party

a) Right to Confirmation

Every concerned party has been granted by the European guidelines committee and regulators the right to ask the responsible party in charge of data processing for confirmation as to whether their respective personal data will be processed. Should a concerned party want to make use of said right to confirmation, they may at any time contact our data privacy coordinator or another employee of the responsible party in charge of data processing.

b) Right to Information

Every concerned party whose personal data is processed has been granted by the European guidelines committee and regulators the right to receive, free of charge, both information about the respective personal data saved and a copy of said information. Furthermore, the European guidelines committee and regulators have granted every concerned party the right to the following information:

  • the purpose of the concerned party’s respective personal data processing
  • the categories of personal data which are being processed
  • the recipients or categories of recipients said personal data has been or will be disclosed to, especially when said personal data is disclosed to third party countries or international organizations
  • if possible, the intended time period said personal data will be saved for; if not possible, the criteria used to determine said time period
  • the existence of a right to correct or delete the respective personal data of a concerned party or the existence of a right to restrict the responsible party from further processing or the existence of a right of objection to such processing
  • the existence of a right of appeal at a regulatory authority
  • if personal data is not collected through the concerned party: all available information about the source of such personal data
  • the existence of an automated decision-making process including profiling pursuant to Article 22(1) and (4) GDPR and – at least in such cases – meaningful information about the involved logic as well as the scope and desired effects of such processing with respect to the personal data of the concerned party

Furthermore, the concerned party has a right to information about whether the respective personal data has been submitted to a third party country or an international organization. If this is the case, the concerned party has the right to information about the appropriate guarantees in relation to such a submission.

Should a concerned party want to make use of said right to information, they may at any time contact our data privacy coordinator or another employee of the responsible party in charge of data processing.

c) Right to Correction:

Every concerned party whose personal data is processed has been granted by the European guidelines committee and regulators the right to demand the immediate correction of any incorrect respective personal data of said concerned party. Furthermore, in consideration of the purpose of personal data processing, the concerned party has the right to demand the completion of incomplete personal data – even by means of a complementary declaration.

Should a concerned party want to make use of said right to correction, they may at any time turn to our data privacy coordinator or another employee of the responsible party in charge of data processing.

d) Right to Deletion (Right To Be Forgotten)

Every concerned party whose personal data is processed has been granted by the European guidelines committee and regulators the right to demand for the responsible party to immediately delete their respective personal data if any of the following reasons apply and additional processing is not necessary:

  • The personal data has been collected or processed in such a way that they are no longer required.
  • The concerned party revokes their consent which the processing of personal data drew upon pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR and there is no other legal basis for processing of said data.
  • The concerned party appeals against the processing of their respective personal data pursuant to Article 21(1) GDPR and there are no overriding, justified reasons for such processing or the concerned party appeals against said processing pursuant to Article 21(2) GDPR.
  • The personal data has been processed unlawfully.
  • The deletion of personal data is required to comply with a legal obligation pursuant to Union law or the law of member states, whichever the responsible party is governed by.
  • The personal data was collected in a manner relating to offered services by the information society pursuant to Article 8(1) GDPR.

Provided that one of the aforementioned reasons applies and that a concerned party demands the deletion of their respective personal data collected by HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU, said concerned party may at any time contact the responsible party. Said responsible party of HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU will arrange for the deletion request to be honored promptly.

If personal data has been made public by HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU and our business is required as responsible party to delete said personal data pursuant to Article 17(1) GDPR, HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU will, under consideration of the technology available and the respective implementation cost, take the appropriate measures, even measures of technical nature, to inform other data-processing responsible parties, who process said released personal data, about the concerned party’s request for other data-processing responsible parties to delete said personal data in addition to all respective links, copies or replications of said personal data, as long as processing of such data is not required. The responsible party at HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU will arrange for the necessary steps on a case-by-case basis.

e) Right to Restriction of Processing

Every concerned party whose personal data is processed has been granted by the European guidelines committee and regulators the right to demand for the responsible party to restrict processing if one of the following requirements is fulfilled:

  • The concerned party contests the accuracy of their respective personal data for a time period which allows for the responsible party to review said personal data for accuracy.
  • The processing is unlawful, the concerned party rejects the deletion of their respective personal data and requests instead the restriction of use of said personal data.
  • The responsible party no longer requires the personal data for purpose of processing, the concerned party however requires said personal data for the assertion, exercise or defense of legal claims.
  • The concerned party has appealed the processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the responsible party outweigh the legitimate reasons of the concerned party.

Provided that one of the aforementioned conditions is met and a concerned party desires to request the restriction of the personal data saved by HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU, said concerned party may at any time contact the responsible party. The responsible party at HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU will arrange for the restriction of processing request to be honored.

f) Right to Data Portability

Every concerned party whose personal data is processed has been granted by the European guidelines committee and regulators the right to receive their respective personal data, which has been disclosed to the responsible party by the concerned party, in a structured, common and machine-readable format. The concerned party further has the right to transfer said personal data to another responsible party without restriction by the responsible party whom said personal data has been previously disclosed to. Said right holds as long as the processing is based on an agreement pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and as long as said processing is done by means of an automated process, is not required to carry out a task which lies in the public interest or is done by means of exercise of official authority which has been transferred to the responsible party.

When exercising their respective right to data portability pursuant to Article 20(1) GDPR, the concerned party further has the right to demand for their respective personal data to be transmitted directly from one responsible party to another responsible party as long as such a data transmission is technically possible and does not compromise the rights and liberties of other people.

To enforce their respective right to data portability, the concerned party may at any time contact the responsible party at HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU.

g) Right to Appeal

Every concerned party whose personal data is processed has been granted by the European guidelines committee and regulators the right to appeal, for reasons which are the direct result of their respective situation, against any processing of their respective personal data which occurs pursuant to Article 6(1)(e) or (f) GDPR. This further holds for any profiling that is based on the same provisions.

In the case of an appeal, HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU will discontinue the processing of the respective personal data in question unless we can determine compelling and legitimate reasons for such processing which outweigh the interests, rights and liberties of the concerned party or unless such processing functions as a means to assert, exercise or defend any respective legal claims.

If HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU processes personal data to engage in direct advertising, the concerned party has the right to appeal against any processing of their respective personal data performed to engage in such a form of advertising.  This, too, holds for profiling as long as said profiling is associated with such direct advertising. If the concerned party appeals against the processing of personal data performed to engage in direct advertising by HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU, HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU will discontinue to process said respective personal data for the aforementioned purpose of direct advertising.

To enforce their respective right to appeal, the concerned party may at any time directly contact the responsible party at HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU. The concerned party is further at liberty, in relation to the use of services of the information society irrespective of directive 2002/58/EG, to enforce their respective right to appeal via automated processes which require the use of technical specifications

h) Automated Decisions on a Case-by-Case Basis Including Profiling

Every concerned party whose personal data is processed has been granted by the European guidelines committee and regulators the right not to be subjugated to such a decision which is based exclusively on automated processing (including profiling) which, in turn, produces a legal effect on the concerned party or considerably compromises said concerned party. Said right holds as long as said decision (1) is not required for the closing or the fulfilment of the contract between the concerned party and the responsible party or (2) is permissible pursuant to the legislation of the Union or member states which the responsible party is governed by, and said legislation contains appropriate measures to preserve and uphold the rights and liberties as well as the justifiable interests of the concerned party or (3) is made with the express consent of said concerned party.

If said decision (1) is required for the closing or fulfilment of the contract between the concerned party and the responsible party or (2) is made with the express consent of said concerned party, HOTEL „GASTHOF GOLDENER LÖWE“ CHRISTIAN SCHÖSER EU will take the appropriate steps to preserve and uphold the rights and liberties as well as the justifiable interests of the concerned party, which, in turn, includes at least the right to obtainment of intervention of a person on the part of the responsible party, the right to state one’s own respective position and the right to appeal said decision.

To enforce their respective right relating to automated decisions, the concerned party may at any time contact our data protection coordinator or another staff member of the responsible party in charge of processing.

i) Right to Revoke Personal Data-Specific Declaration of Consent

Every concerned party whose personal data is processed has been granted by the European guidelines committee and regulators the right to revoke their respective personal data-specific declaration of consent at any point in time.

To enforce their respective right to revoke said personal data-specific declaration of consent, the concerned party may at any time contact our responsible party.

6. Legal Basis of Processing

Article 6(I)(a) GDPR serves our business as the legal basis for any processing operations for which we obtain declarations of consent regarding special processing purposes. If processing of personal data is required for fulfilment of a contract whose contracting party is the concerned party, as it is the case for instance with processing operations necessary for the delivery of goods or the performance of another service or return service, processing is handled pursuant to Article 6(I)(b) GDPR. Same holds for such processing operations which are required to perform pre-contractual measures, as it is the case for instance with enquiries regarding our products or services. If our business has a legal obligation which requires the processing of personal data, as is the case, for instance, with the fulfilment of tax obligations, said processing will occur pursuant to Article 6(I)(c) GDPR. In rare cases, processing of personal data may become necessary to protect vital interests of the concerned party or another natural person. This would, for instance, be the case if a guest in our business were hurt and their name, age, insurance information or other vital information were required to be disclosed to a doctor, hospital or other third parties as a direct consequence. In this case, the processing of the concerned party’s respective personal data would occur pursuant to Article 6(I)(d) GDPR. Finally, processing operations may be based on and occur pursuant to Article 6(I)(f) GDPR. Such a legal framework serves as the legal base for processing operations which are either not covered by any of the other aforementioned legal frameworks, or when processing is required to protect a legitimate interest of our business or a third party as long as the interests, fundamental rights and fundamental freedoms of the concerned party do not prevail. We are allowed to perform such processing operations particularly because they have been particularly expressed by the European legislator. The European legislator took the position that a legitimate interest could be assumed if the concerned party is a customer of the responsible party (Recital 47 Sentence 2 GDPR).

7. Legitimate Processing Interests Pursued by the Responsible Party or a Third Party

If the processing of personal data is legally based on Article 6(I)(f) GDPR, our legitimate interest is to conduct our business activities in support of the well-being of all our employees and shareholders.

 

8. Time Period Personal Data is Stored for

The decisive criterion when it comes to the appropriate time period personal data is stored for is the respective legal retention period. After expiration of the deadline set forth by the aforementioned criterion, said personal data will be deleted in a routinely manner, as long as said personal data is no longer required for contract initiation or fulfilment.

9. Legal or Contractual Regulations for the Provision of Personal Data; Necessity for the Conclusion of the Contract; Obligation of the Concerned Party to Provide Their Respective Personal Data; Potential Consequences of Failure to Provide Such Personal Data

We inform you that the provision of personal data is partly required by law (i.e. tax regulations) or may also arise from contractual regulations (i.e. information about the contracting party). The conclusion of a certain contract may sometimes require the concerned party to provide their respective personal data to us which, in turn, we have to process. For instance, the concerned party is required to provide us with their respective personal data if our business enters into a contract with said concerned party. Failure to provide such personal data would prevent contract conclusion with the concerned party. Before the respective provision of personal data through the concerned party, the concerned party must contact our data protection coordinator. Our data protection officer will explain to the concerned party on a case-by-case basis whether the provision of the respective personal data by the concerned party is either required from a legal or contractual standpoint or required for conclusion of contract, or whether an obligation exists to provide such personal data. Furthermore, said data protection officer will explain to the concerned party the consequences of a failure to provide such personal data.

10. Existence of Automated Decision-Making

As a company conscious of its responsibilities, we forego the use of automated decision-making or profiling.