DATA PRIVACY STATEMENT
The protection of your personal data is one of our prime concerns. Therefore, we process your data exclusively on the basis of the statutory provisions (GDPR, TKG [Telecommunications Act] 2003). In this data protection statement, we inform you about the most important aspects of data protection within the framework of our website.
It is generally possible to use our website without entering personal data. If personal data (e.g. name, address or email address) is collected on our pages, this will always be on a voluntary basis, wherever possible. This data will not be forwarded to any third parties without your explicit consent. We would like to point out that data transfer via the internet (e.g. when communicating via email) may have security flaws. Flawless protection of your data against access by third parties is not possible.
Contact formIf you send us queries using the contact form, your information in the query form and the contact data entered by you therein will be stored by us to process the request and in case of any follow-up questions.
However, your accommodation request can only be used by you and sent to us electronically, if you explicitly agree to this data privacy and data usage statement by clicking on the button.
We will not pass this data on without your consent. In this respect, please take note of our data privacy statement.
Our website uses functions of website analysis services Google Analytics and Matomo. The provider of Google Analytics is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Matomo runs on the servers of Cookis GmbH, 6460 Imst, Franz Xaver Rennstrasse 4 (Bakehouse customers). For this purpose, cookies are used that enable users to use the website. The information thereby generated is transferred to the server of the respective provider, where it is stored.
You can prevent this by setting your browser so that no cookies are stored. Your IP address will be logged, but it will be immediately anonymised by deleting the last eight bits clwz. Therefore, only a rough localisation is possible.
The data processing takes place on the basis of the statutory provisions of Section 96(3) TKG and Art. 6(1)(a) (consent) and/or (f) (legitimate interests) GDPR.
Our concern within the scope of GDPR (legitimate interests) is to improve our services and our website. As the privacy of our users is important to us, the user data is pseudonymised.
SSL encryptionFor reasons of security and to protect the transfer of confidential content, such as the queries you send to us as the site operator, this site uses SSL encryption. You will recognise an encrypted connection if the address bar of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar. If SSL encryption is activated, the data you send to us cannot be read by third parties.
Data storageWe would like to point out that for the purpose of easier shopping and later contract processing by the online shop operator, the IP data of the subscriber, as well as the name, address and credit card number of the purchaser, will be stored within cookies.
The following data will also be stored by us for the purpose of contract processing: [please expand data for companies] The data provided by you is necessary for the performance of the contract and the implementation of pre-contractual measures. We cannot conclude the contract with you without this data. No data will be transferred to third parties, except to transfer credit card data to the processing banking institution/payment service provider for the purpose of debiting the purchase price, to the transport/shipping company tasked by us to deliver the goods, and to our accountants for the fulfilment of our fiscal obligations.
After cancelling the purchase process, the data stored by us will be deleted. In the case of a contract conclusion, all data from the contractual relationship will be stored until the retention period under tax law (7 years) has expired.
The name, address, purchased goods and purchase date will also be stored until product liability (10 years) has expired. Data is processed based on the statutory provisions of Section 96(3) TKG and Art. 6(1)(a) (consent) and/or (b) (necessity for contract performance) GDPR.
Facebook plugins (Like button) - data privacy statement for usePlugins of social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated on our site. You will recognise the Facebook plugins by the Facebook logo or the “Like button” on our site. You will find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/. When you visit our site, a direct connection will be established between your browser and the Facebook server via the plugin. Facebook will thereby receive notification that you have visited our site with your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. Facebook will therefore be able to match the visit to our site with your user account. We would like to point out that as the provider of the site, we do not receive any knowledge about the content of the data transferred or its use by Facebook. Further information can be found in the Facebook data privacy statement at https://de-de.facebook.com/policy.php.
If you do not want Facebook to be able to match the visit to our site with your Facebook user account, please log out of your Facebook user account.
Instagram - data privacy statement for useFunctions of the Instagram service are included on our site. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our site to your Instagram profile by clicking the Instagram button. Instagram will therefore be able to match the visit to our site with your user account. We would like to point out that as the provider of the site, we do not receive any knowledge of the content of the data transferred or its use by Instagram.
Further information can be found in the Instagram data privacy statement at https://instagram.com/about/legal/privacy/.
Pinterest - data privacy statement for useOn our site, we use social plugins of social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). If you display a page that contains such a plugin, your browser will establish a direct connection with the servers of Pinterest. The plugin will thereby transfer log files to the servers of Pinterest in the USA. These log files may contain your IP address, the address of the visited websites that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest, and cookies.
Further information about the purpose, extent and further processing and use of the data by Pinterest, as well as your rights and opportunities to protect your privacy in this regard, can be found in the data protection notice of Pinterest at https://about.pinterest.com/de/privacy-policy.
YouTube - data privacy statement for use
Our website uses plugins of Google-operated site YouTube. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages provided with a YouTube plugin, a connection with the YouTube servers will be established. The YouTube server will therefore be informed about which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to directly match your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.
Further information can be found in the YouTube data privacy statement at https://www.google.de/intl/de/policies/privacy.
ISSUU - data privacy statement for useFunctions of the ISSUU service are included on our site. These functions are offered by Issuu, Inc., 131 Lytton Ave, Palo Alto, CA 94301, USA. With the Issuu service, you can connect, work with, approve and mix documents with other users of the Issuu service community on the internet. We would like to point out that as the provider of the site, we do not receive any knowledge about the content of the data transferred or its use by ISSUU. Further information can be found in the ISSUU Inc. data privacy statement at https://issuu.com/legal/privacy.
Casablanca hotel softwareFurther processing of personal data
Further processing of personal data is permitted: if there is a business case (offer, reservation), if permission from the person has been granted, or if statutory further use (e.g. accounting, reporting) requires processing.
Specifically, adjustments to correspondence and the registration form, as well as a solution for the logging, storage and archiving of the declarations of consent of the people concerned, are carried out in the hotel software.
Data security and loggingIn the wake of GDPR, all databases on the servers will be encrypted and no more general users will be created in Casablanca, so that all access to personal data is traceable and can be allocated to respective users. In general, all access to the guest register and selections in Casablanca will be logged automatically. All passwords are encrypted and comply with the data protection guidelines. Credit card details are stored in accordance with PCI (service provider: Datatrans.ch).
New form for newsletter management system All customers who use the Casablanca newsletter management system must include a new form (double opt in/out), as this practice must also be logged within the framework of GDPR. Further information about this matter will follow for all customers who are using the Casablanca newsletter management system.
Kognitiv/SeekdaGDPR information will be implemented directly in the program and does not have to be stated separately!
Analytics services FeratelUse of data is by feratel media technologies AG, Maria-Theresien-Straße 8, 6020 Innsbruck, FN 72841w Landesgericht Innsbruck.
Analytics services ÖWA tracking pixels FeratelOur Website/player uses the “Scalable Central Measurement Method” (SZM) of Austrian Web Analytics (ÖWA) to determine statistical characteristics for using our offers. Anonymous measured values are read. The SZM range measurement alternatively uses either a cookie with the identifier “oewabox.at” or a signature that is created from the various automatically transmitted information from your computer for the purpose of recognizing computer systems. IP addresses are not stored in the process and are processed only in anonymous form. The range measurement was developed in compliance with data protection. The goal of the range measurement is to statistically determine the intensity of use and the number of users of a Website/player. At no time are individual users identified. No advertising about the system is delivered either. The usage statistics collected by Austrian Web Analytics (ÖWA) are published monthly and can be viewed at www.oewa.at.
Note: If you delete your cookies, this will result in the opt-out cookie being deleted as well and you may have to re-activate it.
Bakehouse-NewsletterYou can subscribe to our newsletter at any time using this website. For this purpose, we require your email address and a declaration by you that you agree to obtain the newsletter. In order to provide you purposefully with information, we also collect and process details provided voluntarily, such as browser language and names.
As soon as you have registered for the newsletter, we will send you a confirmation email with a link to confirm the registration.
You can cancel your subscription to the newsletter at any time. Please send your cancellation to the following email address: email@example.com. We will then delete your data in connection with the newsletter transmission immediately.
You have the fundamental right to information, correction, deletion, restriction, data transferability, cancellation and objection. If you believe that the processing of your data violates data protection law or that your legal data protection rights have been violated in any other way, you may make a complaint to the supervisory authority. In Austria, this is the Datenschutzbehörde [data protection authority].