Privacy Policy

Data privacy policy and consent to data use

 

We are pleased with your visit to our website and thank you for your interest in our company. Our interactions with our clients and interested parties are a matter of trust. We really value the trust extended to us, meaning that we are committed to exercising great care when handling your data and protecting it from misuse.

 

In order to make you feel safe and comfortable when visiting our website, we take the protection of your personal data and its confidential treatment very seriously.  For this reason, we act only in compliance with the applicable legislation concerning the protection of personal data and data security. The purpose of this data privacy information is therefore to provide you with information regarding the data that we store and how we use it – in compliance with the applicable case law.

 

SANA Berlin Hotel complies with the EU General Data Protection Regulation and the current German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) in particular. To protect your personal data while using the Internet, we take guidance from the Teleservices Act (Telemediengesetz, TMG) of the Federal Republic of Germany.

 

In the following we explain what information we collect during your visit to our websites and how it is used.

Overview

Name and address of data controller

Name and address of data protection officer

Contact form / e-mail contact

Collection, processing and use of personal data at SANA Hotels

Online booking via the website

Online booking via other websites

Support, advice and advertising for corporate customers

Online review

Newsletter service

Your application for a job advertisement

Provision of the website and creation of log files

Use of cookies

Use of Google Analytics, Google DoubleClick Cookies, Google Convers Tracking and Google Remarketing

Use of Social Media-Plug-ins

Protection of minors

Rights of the data subject

Right to lodge a complaint with a Supervisory authority

Security

 

Name and address of data controller

The person responsible for the GDPR and other national data protection laws of the member states as well as other data protection regulations is the following:

 

SANA Berlin Hotel Ltd.

Nuremberger Straße 33/34

D-10777 Berlin

 

Phone: +49 (0) 30 2005 1510

Fax: +49 (0) 30 2005 1519

Mail: sanaberlin@sanahotels.com

 

Name and address of data protection officer

The data protection officer of the controller is:

 

Mr Andreas Thurmann

DataSolution LUD GmbH

Isarstraße 13

D-14974 Ludwigsfelde

 

Phone: +49 (0) 3378 202513

Fax: +49 (0) 3378 202514

Mail: mail@hoteldatenschutz.de

 

Contact form / e-mail contact

  1. Description and scope of data processing

Insofar as a contact form is provided on our website, this may be used to make contact electronically. Should a user contact us via the contact form, the data entered in the input template shall be transferred to us and then stored. This data includes: title, first name and surname, address, e-mail address, telephone number as well as the reason for contact.

It is also possible to contact us using the e-mail address provided. In this case, personal data of the user which is transmitted along with the e-mail shall be stored.

  1. Legal basis for data processing

Our legitimate interest in data processing within the context of making contact with the inquirer constitutes the initial legal basis for data processing. If the purpose of making contact is to conclude a contract, the initiation of a business relationship or of a contractual relationship shall constitute the additional legal basis for data processing.

  1. Purpose of data processing

We only process personal data taken from the input template of the contact form for the purposes of making contact. If we are contacted by e-mail, we also have a necessary legitimate interest to process data.

Other personal data processed during the submission process serves to prevent misuse of the contact form and to guarantee the security of our IT systems.

  1. Storage duration

Data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, data is deleted when the respective correspondence with the user has ended. Correspondence concludes when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

If contact is made based on a pre-contractual relationship (offer or reservation request), the transmitted data shall be additionally stored in our hotel and/or event software and used for executing contracts. Should no contractual relationship arise, we shall delete the data after a period of one year from the year end.

  1. Option for objection and elimination

The inquirer (data subject) can revoke his/her consent to the processing of personal data at any time. We have set up the e-mail address dir.berlin@sanahotels.com for this purpose.

Please note that in the case of an objection, correspondence cannot be continued, and we cannot continue to make offers, etc.

In this case, all personal data stored at the time of making contact shall be deleted.

 

Collection, processing and use of personal data at SANA Hotels

  1. Description and scope of data processing

The object of the hotel group is the operation of several hotels in Portugal, Germany and Angola with joint responsibility. The data collection, processing and use is carried out in order to achieve the stated purpose.

Hotels, guesthouses and other accommodation facilities may collect personal data of their guests and store it in automated procedures, as far as this is necessary within the scope of the accommodation contract. As a rule, this also includes billing data on food and beverages, on telephone calls made from the room and/or other hotel-specific services. Due to national registration regulations, hotels and lodging establishments are obliged to request information about the guest, such as first and last name, date of birth, place of residence and nationality.

SANA Hotels Portugal, S.A., Edifício Myriad Crystal Center, Cais das Naus, Lote 2.15.02, 1990-173 Lisboa, Portugal is responsible for making central reservations. To increase our services, we manage all data received in our central hotel software within the hotel group. The hotel in which the booking is made is responsible for this. The respective booking data can only be viewed by the responsible person. Together, the access to the master data of a guest is used, for example, to make a reservation for another hotel at a later date, to rebook or to carry out marketing activities centrally. Central services such as reservation and marketing access this data. The legal basis for the processing of the data is our legitimate interest in data processing within the framework of central administration and use of the data of our customers and business partners within the hotel group.

If services are used, as a rule only such data is collected as is required to provide the services. Insofar as further data is collected, it is voluntary information. Personal data is processed exclusively for the purpose of fulfilling the requested service and to protect our own legitimate business interests in accordance with Art. 6 Para. 1 lit. f DSGVO.

Contact details of guests may be used at a later date by the sales department for advertising purposes. Advertising campaigns preferably include mailings. The use of the e-mail address requires the consent of the guest according to Art. 6 para. 1 lit. a DSGVO.

Your data will only be processed for purposes other than those mentioned above if such processing is permissible in accordance with Art. 6 para. 4 DSGVO and is compatible with the original purposes of the contractual relationship. We will inform you of these processing operations before processing your data in this way.

  1. Legal basis for the data processing

The legal basis for processing the data is the conclusion of an accommodation contract with the guest.

The transmitted data will be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we delete the data after one year at the end of the year.

  1. Affected groups of persons, data and data categories:

In order to fulfil the listed purpose, personal data is collected, processed and used for the following categories:

  • Guest data (esp. address data, contact data, reservation data, guest requests, billing data)
  • Other customer data (especially address data, billing and performance data)
  • Data of interested parties (esp. interest in accommodation, address data)
  1. Recipients to whom the data may be disclosed

Data can be communicated to subsequent recipients: 

  • Internal units involved in the execution and fulfillment of the respective business processes (e.g. hotels of the hotel group, central reservation, accounting, sales & marketing, IT organization)
  • Public bodies that receive data on the basis of legal regulations (e.g. law enforcement agencies, public authorities)
  • External contractors according to Art. 28 DSGVO (service providers)
  • Other external bodies (e.g. credit institutions, companies, provided that the data subjects have given their written consent or that transmission is permissible for overriding legitimate interests)
  1. Purpose of the data processing

The main purpose of the collection, processing or use of personal data is the administration, care and hospitality of guests within the framework of the accommodation contract in accordance with Art. 6 para. 1 lit. b DSGVO.

  1. Storage duration

The legislator has enacted a wide range of retention obligations and periods. After the expiry of these periods, the corresponding data and data records are routinely deleted or anonymized if they are no longer required for the fulfilment of the contract.

  1. Option for objection and elimination

The user can object to the processing of personal data at any time. We have set up the e-mail dir.berlin@sanahotels.com address for this purpose.

 

Online booking via the website

  1. Description and scope of data processing

Our website provides users with the opportunity to book rooms or make arrangements for the SANA Berlin Hotel. Should a user contact us via the contact form, the data entered in the input template shall be transferred to us and then stored. This data includes: first name, surname, e-mail address, telephone, e-mail, billing address and contact person for corporate customers, where appropriate, travel dates, wishes/requests, payment information (credit card), date and time.

The online reservation system TravelClick, Inc. carries out online bookings made via our website. The company is located at: 7 Times Square, 38th Floor, New York, USA. All booking details provided by you shall be transferred in encrypted form. Our contracting partner has agreed to handle your transmitted data in a manner compliant with data protection, and takes all organizational and technical measures to protect your data

  1. Legal basis for data processing

The conclusion of an accommodation contract with the user shall constitute the legal basis for data processing.

The transmitted data shall be stored in our hotel software and used for executing contracts. Should no contractual relationship arise, we shall delete the data after a period of one year from the year end.

  1. Purpose of data processing

We only process personal data taken from the input template of the contact form for the purposes of processing booking inquiries and completing payment transactions.

  1. Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

  1. Option for objection and elimination

The user can object to the processing of personal data at any time. We have set up the e-mail address dir.berlin@sanahotels.com for this purpose.

Please note that in the case of an objection, we cannot complete the booking or continue to carry out correspondence.

 

Online booking via other websites

  1. Description and scope of data processing

SANA Berlin Hotel provides interested parties with the opportunity to book rooms and make arrangements via hotel reservation portals (third-party providers). If a user makes use of this opportunity, the data entered in the input template will be transmitted to us and stored to the extent permitted by the respective hotel reservation portal in accordance with its own privacy policy. Data may include the following: first name, surname, e-mail address, telephone, address, number of guests, expected time of arrival, requests/wishes, payment information (credit card).

No data shall be disclosed to third parties in this context. Data is used exclusively for processing the booking and for the purposes of correspondence, where appropriate.

If you make an online booking from our other websites, they will be incorporated into our hotel software by the channel manager of TravelClick, Inc., address: 7 Times Square, 38th Floor, New York, USA. All booking data you enter will be transmitted encrypted. Our contractual partner has committed himself to the data protection-compliant handling of your transmitted data. It takes all organizational and technical measures to protect your data.

  1. Legal basis for data processing

The conclusion of an accommodation contract with the user shall constitute the legal basis for data processing.

The transmitted data shall be stored in our hotel software and used for executing contracts. Should no contractual relationship arise, we shall delete the data after a period of one year from the year end.

  1. Purpose of data processing

We only process personal data taken from the input template of the contact form for the purposes of processing booking inquiries and completing payment transactions.

  1. Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

SANA Berlin Hotel has no control over how long the respective hotel reservation portal stores data.

  1. Option for objection and elimination

The user can object to the processing of personal data at any time. We have set up the e-mail address dir.berlin@sanahotels.com for this purpose.

Please note that in the case of an objection, we cannot complete the booking or continue to carry out correspondence.

 

Support, advice and advertising for corporate customers

  1. Description and scope of data processing

For the support, advice and advertising of corporate customers, in addition to information about the business partner or potential business partner, we also collect and use information about the contact person, telephone number and postal address. The information is taken from a variety of sources, either by requesting it (e-mail or by phone) or at events, fairs, from business cards received by our sales staff, etc.

  1. Legal basis for data processing

Our legitimate interest in data processing shall otherwise constitute the legal basis for data processing. If the purpose of making contact is to conclude a contract, the initiation of a business relationship or of a contractual relationship shall constitute the additional legal basis for data processing. In order to improve our services, we manage all data received in the CRM module of our hotel software.

  1. Purpose of data processing

We use this contact information exclusively for our own purposes and to design our own sales activities based on demand.

  1. Storage duration

 No specific deadline has been set with regard to deletion. However, if our sales department has had no contact with a corporate contact for a period of three years, the sales team shall decide whether the data of the corporate contact person will be deleted.If the contact is a pre-contractual relationship (offer, booking or reservation request), the transmitted data shall be additionally stored in our hotel software and used to for executing contracts. Should no contractual relationship arise, we shall delete the data after a period of one year from the year end.

  1. Option for objection and elimination

The corporate contact can object to the processing of his personal data at any time. For this we have set up the email address dir.berlin@sanahotels.com. In this case, all personal data of the contact person that was saved for the business partner shall be deleted.

 

Online review

  1. Description and scope of data processing

Former guests may review the hotel after check-out. We would like to send you an email within 14 days of departure to ask you to submit a hotel review. Upon request, reviews can be published anonymously. If you did not enjoy your stay at our hotel, not felt comfortable in our hotel, we would like to take the opportunity to contact you. If you submit an online rating on our website, the data will be saved in the rating tool of REVIEW RANK, S.A., Calle Aribau, 240, 6-M, CP-08006 Barcelona, ​​Spain. REVIEW RANK, S.A. has committed to the data protection-compliant handling of your transmitted data. It takes all organizational and technical measures to protect your data. If you, as a former guest, take the opportunity to submit an online review, the data entered in the review template shall be stored. These data include: e-mail address and voluntary information such as first name, surname, language as well as the review statements.

  1. Legal basis for data processing

Our legitimate interest in data processing shall otherwise constitute the legal basis for data processing.

  1. Purpose of data processing

The purpose of hotel review is to communicate and summarize hotel guests’ opinions on our website and third-party websites so that interested parties can form their own opinion about our services. The results are also used for our internal quality management. The data is used exclusively for the publication of reviews and for mediation in case of negative reviews.

  1. Storage duration

Data shall not be deleted.

  1. Option for objection and elimination

You can object to the use of your email address to send a review email on the registration form. It is also possible to have the published review deleted at any time (right to be forgotten). For this purpose, we have set up the e-mail address dir.berlin@sanahotels.com. Please let us know to which review your request relates!

 

Newsletter service

 1. Description and scope of data processing

On our website, you can subscribe for SANA Hotels newsletter service. If you use this option, the data entered in the input template (email address) will be transmitted to SANA Hotels Portugal, S.A., Edifício Myriad Crystal Center, Cais das Naus, Lote 2.15.02, 1990-173 Lisboa, Portugal and saved. Should we otherwise receive an email address where the recipient clearly informs us that he would like to receive our newsletter, we will collect his data via the input template on our website. 

2. Legal basis for data processing

The legal basis for processing the data is the consent of the recipient. This is ensured by a double opt-in procedure. 

3. Purpose of data processing

The processing of personal data serves us only to send individual newsletters. 

4. Duration of storage

The data will be deleted as soon as the newsletter service is unsubscribed. 

5. Option for objection and elimination

As a recipient of newsletters, you have the option, at any time, to object to the use of your data for advertising purposes. Every newsletter provides you the option to unsubscribe the newsletter service. We have also set up the email address dir.berlin@sanahotels.com . Please inform us your e-mail address in your request! 

 

Your application for a job advertisement

1. Description and scope of data processing

On our website and via internet portals (especially hotelcareer.de) there is the possibility to apply for advertised positions. If you choose this option, as an applicant, the data transmitted to us can be saved and used.

These data are: 

• Title, first name, surname

• Contact details (e-mail address, telephone)

• Cover letter

• Attachment with detailed application Initially, the data is not shared with any third parties in this this context. The data is otherwise used exclusively for the processing of the application by the specialist department and for communication.  

2. Legal basis for data processing

The legal basis for the processing of the data is the contract negotiation process or the conclusion of a contract with the user. We will obtain your prior consent for the long-term storage of the application documents and to pass application to third parties. 

3. Purpose of data processing

The personal data is processed solely to enable us to handle the application. 

4. Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, at the latest 6 months after rejection. In the case of a contractual relationship, we will delete the data received as soon as national, commercial law, statutory or contractual retention requirements are met. 

5. Opposition and removal options

You have the option to object to the processing of your data at any time. For this purpose, please send an email to the same e-mail you used to send the job application. We have also set up the email address dir.berlin@sanahotels.com.

 

Provision of the website and creation of log files

  1. Description and scope of data processing

Each time this website is accessed, our system records data and information from the computer system of the inquiring computer, smartphone or other mobile device by means of an automated system. The following data are collected as part of this process:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s IP address
  • Time and date of access
  • Websites from which the user’s system has come to our website
  • Websites accessed by the user’s system via our website

This data is also stored in our system’s log files. This data is not stored together with other personal data of the user. It is therefore not possible to create personal user profiles. The stored data shall only be evaluated for statistical purposes.

  1. Legal basis for data processing

The legal basis for the temporary storage of data and log files is to safeguard our legitimate interests.

  1. Purpose of data processing

The system temporarily stores the user’s IP address in order to make the website available on the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.

The storage in log files is carried out to ensure the functional capability of the website. The data also helps us to optimize the website and ensure the security of our IT systems.

The stored data can be evaluated for statistical purposes or for the purpose of tracking attacks on the website by third parties.

This is also the reasoning behind our legitimate interest in data processing.

  1. Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When data is collected in order to make the website available, this is the case when the respective session ends.

When data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of users are deleted or scrambled so that assignment to the inquiring client (data subject) is no longer possible.

  1. Option for objection and elimination

The collection of data in order to make the website available and the storage of data in log files is necessary for operating the website. Therefore, there is no possibility for the user to object.

 

Use of cookies

  1. Description and scope of data processing

Cookies are small files that enable us to store specific user-related information on your computer when visiting our website. Cookies help us to determine the number of users who have used our website and the usage frequency, and they allow us to organize our products and services in the most convenient and effective way possible for you.

We use ‘session cookies’, which are stored temporarily on your computer for the period in which you use our website. Session cookies are stored on your data carrier and are used to ensure specific settings and functionalities on our website through your browser. The cookies we use will be deleted at the end of the browser session, i.e. when you close your browser.

We also use cookies on our website that allow for the analysis of user browsing habits. In this way, the following data can be transmitted: entered search terms, frequency of page views, use of website functions. Technical measures are employed to pseudonymize user data which is collected in this manner. As a result, it is not possible to assign data to an inquirer (data subject). The data will not be stored together with other user personal data. When visiting our website, the user is informed about the use of cookies for the purposes of analysis. His/her consent to the processing of personal data is also obtained in this context. The user is also referred to the data privacy policy at this point.

  1. Legal basis for data processing

Our legitimate interest in data processing shall constitute the legal basis for the processing of personal data using cookies that are technically necessary.

The provision of the user’s consent for this specific purpose shall constitute the legal basis for the processing of personal data using analysis-based cookies.

  1. Purpose of data processing

Cookies which are technically necessary are used to simplify website use for users. Some of our website’s functions cannot be offered without the use of cookies. These services require the browser to be recognized again following a page change. The user data collected by technically necessary cookies will not be used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Such cookies enable us to learn how the website is used so that we can continually improve our offer.

  1. Storage duration, option for objection and elimination

Cookies are stored on the user’s computer, which will transmit them to our website. This will grant you as the user complete control over the usage of cookies. You can deactivate or restrict the transmission of cookies by changing your Internet browser’s settings. Previously stored cookies can be deleted at any time. Cookies can also be deleted automatically. In the event that cookies are deactivated for our website, certain features of our website may no longer be available.

It is also possible to use our offers without any cookies or scripts. You may deactivate the storage of cookies and scripts in your browser, you may restrict cookies and script on certain websites, or you may set up your browser in such a way that you are notified whenever a cookie is activated. You can delete cookies from your computer’s hard drive at any time.

You can install a browser add-on to block scripts. NoScript for Firefox and ScriptSafe for Google Chrome are examples of such browser add-ons. These not only block every type of Javascript, they also block selected trackers, Java, Flash and other plug-ins on websites.

If you are concerned about third-party cookies, you can disable just these cookies and still enable the cookies which allow our website to function properly.

Please note, however, that these changes may affect the way in which the website is displayed or limit its functionality.

In the following, we provide further information about the cookies used on our website. These cookies allow us to tailor the features and content of the website to you by storing your preferences. Cookies can be used, for example, to store your user data in our forum or to make a language selection. They can also be used to provide interactive information so that you can view our virtual catalogues or watch videos, for example:

Cookie name: ISOTOPE_TEMP_CART

Valid: 1 month

Purpose of the cookies: The reservation function uses this cookie

 

  1. Supplementary information

In addition to the information provided above regarding the use of cookies, we would like to draw your attention to the following:

 

Use of Google Analytics, Google DoubleClick Cookies, Google Convers Tracking and Google Remarketing

Our website may use Google Analytics, Google DoubleClick Cookies, Google Convers Tracking and Google Remarketing. These services are provided by Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (‘Google’).

This website uses Google Analytics, a web analysis service provided by Google Inc. (‘Google’). Google Analytics uses so-called “cookies”. These are text files stored on the user’s computer which facilitate an analysis of website usage. The information generated by the cookie about the use of this website by the user is generally sent to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website however, your IP address will first be truncated by Google within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and truncated there in exceptional cases. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activities and to provide the website operator with other services related to website activity and Internet usage. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by changing the respective settings in your browser software; however, please note that you may not be able to use all features of this website in full. You may also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to using the browser add-on or within browsers on mobile devices, please click this link to prevent future detection by Google Analytics within this website. This will store an opt-out cookie on your device. If you delete your cookies, you must click this link again. The explanations provided above in Section XI No. 1 to 4 shall apply accordingly.

 

Deactivation of Google advertising

(http://www.google.com/privacy_ads.html) or on the opt-out page of the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp)

 

Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution that allows website tags to be managed by marketers using an interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not record any personal data. The tool causes other tags to be activated which may, for their part, record data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated at the domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.

 

Use of Social Media-Plug-ins

Plugins of the social network Facebook, operated by Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated on our website pages. You can recognize Facebook plug-ins by the Facebook logo or the ‘Like’ button on our pages. You can find an overview of Facebook plug-ins here: developers.facebook.com/docs/plugins/.

When you visit our pages, the plug-in establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site from your IP address. If you click the Facebook ‘Like’ button while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. In this way, Facebook can attribute the visit on our webpages to your user account. Please note that we, as the provider of the webpages, do not receive any notification of the content of transmitted data from Facebook, nor do we receive any notification of its usage.

You can find more information about this in the data privacy policy of Facebook at de-de.facebook.com/policy.php. If you do not wish for Facebook to attribute the visit to your Facebook user account, please log out of your Facebook user account.

 

Protection of minors

This service is specifically aimed at adults. Currently, we do not have any services specifically aimed at children. As a result, we do not knowingly collect age rating information, nor do we knowingly collect personal information from children under the age of 16. We do, however, advise all visitors to our website who are under the age of 16 to avoid disclosing or providing any personal information to our service. In the event that we discover that a child under the age of 16 has provided personal information to us, we shall delete the child's personal information from our files, insofar as this is technically possible.

 

Rights of the data subject

When your personal data is processed, you become the data subject within the meaning of the GDPR and you shall have the following rights in relation to us (‘the data controller’):

You have a right to information about the personal data stored about you, including the purpose of processing, as well as about any transfer of data to third parties and the duration of data storage.

In case the data is incorrect or no longer required for the original purpose for which it was collected, you may request the data to be corrected, deleted or the data processing to be restricted. As far as provided in the processing procedures, you can also view and correct your data yourself, if it is necessary.

You shall have the right to object at any time, on compelling legitimate grounds relating to your particular situation, to the processing of your personal data, insofar as the processing is based on a legitimate interest. Following an objection, the data controller shall no longer process the personal data relating to you unless the data controller can prove compelling reasons for processing which warrant protection and which outweigh your interests, rights and freedoms, or can prove that the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such marketing; this also applies to profiling insofar as it is directly connected with such direct marketing. If you object to the processing for direct marketing or profiling purposes, the personal data relating to you shall no longer be used for these purposes.

You have the right to revoke your declaration of consent under data protection law at any time. Revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation.

 

Right to lodge a complaint with a Supervisory authority

As a data subject, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the member state of your habitual residence, place of work or the place of the alleged breach if you believe that the processing of personal data relating to you infringes data protection.

The regulatory authority with which the complaint has been lodged shall inform the complainant about the progress and the outcome of the complaint including the possibility of judicial remedy.

Further information can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information by clicking this link.

 

Security

We are responsible to ensure the protection of your personal data. In order to protect your personal data unauthorized access and unlawful use, alteration, distribution or copying, we have taken appropriate technical and organizational measures, such as antivirus or Anti-spyware subject to permanent updates, SSL encryption of sensitive data (credit card, reservation form), firewalls, frequent backups or limited access to personal data, where needed.

We know that no security measure is 100% efficient and secure, but we are committed to protect the integrity and confidentiality of your personal data. For this purpose, we will continue to review and improve our security measures.

When you access our website using a username and a password created or selected by yourself, you are responsible for the appropriate confidentiality and protection of those credentials.

 

Last updated on May 2020