Confidential data handled responsibly
Personal data (such as name, e-mail address, telephone number) are processed and conveyed by the operator only in a lawful manner - in particular for the fulfillment of contractual or legal obligations, on the basis of predominant legitimate interests of the operator or on the basis of the consent of the user.
The lawfulness of data processing results from the Austrian Data Protection Act as well as from the regulation (EU) 2016/679 (GDPR). The legal basis is specifically detailed in the following processing.
The operator continuously optimises the presentation and services offered for the website users. In order to better understand how the pages are used, the operator saves the following data, short term, each time the site is accessed: name of the website visited, requested details, date/time, volume of data transmitted, message about successful retrieval of data, browser/version/language, operating system, previously visited sites, duration of use, country of origin and anonymised IP-address. By visiting this website, the user, in accordance to Article 6 (1) (a) of the GDPR, gives his/her consent to the short term storage of the IP address of the terminal. The user's IP-address will be deleted when use of the website is complete. The operator uses the aforementioned data anonymously only for statistical purposes in connection with the offer.
On making contact with the operator (eg. by contact formula or e-mail), the following user's information may be stored for the purpose of processing the request, as well as, in the case of follow-up questions: title, first name and surname, postal address, e-mail address, telephone number and additional inquiry-related information (eg. duration of stay, number of persons).
Personal data collected in this manner will be deleted by the operator within three years, after processing of the request has been completed. The personal data disclosed by the user will only be processed and used by the operator to the extent necessary in fulfilling the request and /or for the provision of the requested service.
In the course of this data processing, the operator may forward the collected personal data to the following third parties (see contact details).
Reporting requirementPursuant to the Austrian Reporting Law accommodation participants are required to provide the accommodation provider with the data specified in § 5 and § 10 of the Reporting Law. This relates to the following data:
- Name, date of birth, gender, nationality, country of origin, address plus postal code and
- for international guests - type, number, issue location and issuing authority of a travel document, and also the date of arrival and departure.
Guest registryOwing to our legal obligation arising from § 19 of the Reporting Law-Implementation Order, the accommodation provider shall maintain this data in a Guest Registry and save it for a period of 7 (seven) years, unless it is needed for a longer period of time for other purposes which are named in this Data Protection Statement. The Guest Registry shall be maintained by us in electronic format, and for this purpose the accommodation provider shall transfer the data to an IT services provider. The data shall thus be saved locally. No transmittal into a third country shall occur.
Transmittal of dataThe data categories of “arrival” and “departure,” linked with the country of origin, shall be transmitted to the community where the hospitality company is located, in accordance with § 6 of the Tourism Statistical Order. Also, aggregate data regarding the total number of overnight stays and total number of persons obligated to pay the room tax shall be provided to the Tourism Association of Paznaun - Ischgl, where the accommodation provider are members, and/or to the community. This shall be handled on the basis of § 19 of the Tyrol Accommodation Law.
Legal basis for data processingData processing pursuant to the above Sections 1.1 to 1.3 shall be based on Art. 6 para. 1 lit. c of the DSGVO.
Additional data transmittal to the TVB/MunicipalityIn addition, the accommodation provider shall provide your postal code and year of birth (in a pseudonymized and/or anonymized form) to our municipality and to our TVB for statistical purposes in order to prepare and evaluate the origin and age statistics by the Tourism Association (TVB). This transmittal is based on Art. 6 para. 1 lit. e (transmittal in the public interest) and lit. f (predominate lawful interest) DSGVO. However, you may file an opposition at any time for reasons relating to your particular situation (Art. 21 para. 1 DSGVO).
General informationThe accommodations participant are entitled to obtain a guest card. The guest card grants the owner benefits and/or services at various companies in the region (e.g. reduced admission fees). The guest card is valid for the period of your visit.
Issuance of the Guest CardThe guest card will be issued and validated by the accommodation provider solely at your request. It will be issued according to the Guest Card system employed by the TVB and/or by the accommodation company, either in the form of
- an electronically generated guest card,
- a Guest Card issued on your cell phone or
- a copy of your reservation slip.
Processed Personal DataThe following personal data, obtained from the reservation data (see Section 1 above) will be processed both for the electronically generated, and also for the cell phone-provided Guest Card:
- First and last name, date of birth, country of origin/postal code and the date of arrival and departure.
If the Guest Card is issued in the form of the “reservation slip,” then it will contain the information required by § 5 in connection with § 9 of the Reservations Law (see Section “Reservation Data”). In this case, no electronic processing will be performed relating to the Guest Card.
When using the Guest Card, the following additional personal data will be processed:
- Data relating to the frequency of use of the particular card, service requested, reservations, transaction logging, reference to the reservation data and accommodation company.
This data is required firstly to verify your identity and secondly to verify the validity of the Guest Card for the particular service requests, and if necessary, to allow invoicing of the benefits between the service providers, the TVB and any accommodation companies involved.
Legal Basis for Data ProcessingDie Verarbeitung der Daten für Zwecke der Gästekarte erfolgt aufgrund Ihrer Einwilligung (Art. 6 Abs 1 lit a DSGVO).
Processing of the data for purposes of the Guest Card shall proceed pursuant to your consent (Art. 6 para. 1 lit. a DSGVO). Your consent can be withdrawn at any time by giving oral or written instructions to the accommodation provider at the email address firstname.lastname@example.org.
Operation of the Guest Card SystemThe Guest Card System is operated by the local tourism association (TVB). In addition, local accommodation operators and local companies (service providers) are involved. The data that is processed for the Guest Card will be deleted after 40 (forty) months, unless additional retention is necessary for other lawful purposes (e.g. reporting requirements).
Receivers of the DataData processed for purposes of the Guest Card will be provided to the local Tourist Association for invoicing to the service providers and/or accommodation operators. The individual service providers who provide beneficial services based on the Guest Card, likewise will receive the data, provided you have used the Guest Card services provided by these companies.
To claim the benefits, you must present the particular Guest Card on which the data is recorded, and thus disclose the data to the service provider. The company will then check whether the card is (still)valid, usually by reading the bar code on the Guest Card and by transmitting the bar code data to our IT services provider. At this time personal data will be transmitted to the company, in particular also your identity data (to verify your identity and date of birth).
If the Guest Card has been issued in the form of a reservation slip, then its validity will be checked based on the copy of the reservation slip.
Use of the website is also possible without cookies. The user can deactivate the storage of cookies in his browser, limit cookies to certain websites or set his browser to send a notification before a cookie is stored. The user can delete cookies, at any stage, from the device's hard disk using the browser's privacy functions. In this case, the website's functions and user-friendliness could be restricted. The user's consent forms the legal basis of data processing, in the context of cookies, via the cookie banner.
What is Google Maps?
On our website we use Google Maps of the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). With the use of Google Maps, we can show you locations in a better way and can therefore adjust our service to your needs. Due to the utilisation of Google Maps, data gets transferred to Google and is saved on Googleâs servers. In the following, we want to explain in detail what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.
Google Maps is an internet maps service of the company Google Inc. With Google Maps you can search for exact locations of cities, sights, accommodations or businesses online via a PC, a tablet or an app. If businesses are represented on Google My Business, the respective location as well as other information about the company are shown there. In order to show route directions, a locationâs map sections can be integrated in a website through a HTML-code. Google Maps depicts the earthâs surface as either a road map or as air and satellite images. Due to the street view and high-quality satellite images, it is possible for exact representations to be made.
Why do we use Google Maps on our website?
The efforts we make on this page have the goal of giving you a useful and meaningful experience on our website. Through the integration of Google Maps, we can offer you essential information on various locations. Therefore, you can spot our office address with one glance. Furthermore, the route directions always show you the best and fastest way to us. You can retrieve the route directions for traveling either by car, by public transport, on foot or by bike. The integration of Google Maps is a part of our customer service.
What data is stored by Google Maps?
For Google Maps to offer its full services, the company must collect and store your data. This includes your entered search terms, your IP-address as well as your longitude and latitude coordinates. When you use the route-planner function, the entered start address is stored also. However, this data retention happens on Google Mapsâ websites. We can only inform you about it but cannot influence it in any way. Since we have included Google Maps on our website, Google will set at least one cookie (Name: NID) into your browser. This cookie saves data on your user behaviour. Google primarily uses this data to optimise ist own services and to provide you with individual, personalised advertisements.
The following cookies are set in your browser due to the integration of Google Maps:
Purpose: Google uses NID in order to adjust advertisments to your Google searches. With the cookieâs help Google âremembersâ your most frequently entered search queries or your previous interaction with ads. That way you always receive customised adertisments. The cookie contains a unique ID, wich Google uses to collect your personal settings for advertising porposes.
Expiration date: after 6 months
How long and where is the data stored?
There are Google servers in data centres across the entire planet. However, most servers are in America. For this reason, your data is widely stored in the USA. Here you can read in detail about where the Google servers are located: https://www.google.com/about/datacenters/locations/?hl=en
Google distributes data to various data carriers. This makes it possible to retrieve the data faster and to better protect it from possible attempted manipulations. Every server has emergency programs. Thus, should for example a problem with Googleâs hardware occur or should a natural disaster impact the servers, any data will quite certainly stay protected.
Moreover, Google saves some data for a specified period. With some other data on the other hand, Google only offers the opportunity for deleting it manually. Furthermore, the company anonymises information (e.g. advertising data) in server logs, by deleting a part of the IP-address and cookie information after 9 to 18 months.
How can I erase my data, or prevent data retention?
Due to the automatic delete function for location and activity data, which was introduced in 2019, information that is used for determining your location and web or app activity is saved for either 3 or 18 months, depending on your preferred decision, and is deleted thereafter. Furthermore, it is possible to delete this data manually from your browser history via your Google account anytime. If you want to prevent the determination of your location altogether, you must pause the category âWeb and app activityâ in your Google account. Click on âData and personalisationâ and then choose the option âActivity controlsâ. Here you can switch the activities on or off.
Moreover, in your browser you can deactivate, delete or manage individual cookies. This function can differ a little, depending on what browser you are using. The following instructions will show you how to manage cookies in your browser:
If you generally do not want to permit any cookies, you can set up your browser in a way that ensures you get informed whenever a cookie is about to be placed. That way you can decide to either permit or refuse every single cookie.
Please note, that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries must not simply be transferred to, stored and processed there unless there are suitable guarantees (such as EU Standard Contractual Clauses) between us and the non-European service provider.
If you have consented to the use of Google Maps, your consent is the legal basis for the corresponding data processing. According to Art. 6 paragraph 1 lit. a GDPR (consent) this consent is the legal basis for the processing of personal data, as can occur when processed by Google Maps.
We also have a legitimate interest in using Google Maps to optimise our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use Google Maps if you have given your consent to it.
Google processes data from you, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Additionally, Google uses so-called Standard Contractual Clauses (Article 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are template clauses provided by the EU Commission and are designed to ensure that your data complies with European data protection standards, even when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847.
The Google Ads Data Processing Terms, which reference the standard contractual clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.
What is: reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome flesh and blood people to our site. Bots or spam software of any kind may confidently stay at home. That's why we pull out all the stops to protect ourselves and provide the best possible user experience for you. For this reason we use Google reCAPTCHA from Google. This way we can be pretty sure that we remain a 'bot-free' website. By using reCAPTCHA, data is sent to Google to determine if you are actually human, so reCAPTCHA is used to keep our website safe, and by extension, keep you safe. For example, without reCAPTCHA, it could happen that a bot registers as many e-mail addresses as possible during registration, in order to subsequently "spam" forums or blogs with unwanted advertising. With reCAPTCHA we can avoid such bot attacks.
What data is stored by reCAPTCHA?
reCAPTCHA collects personal data from users to determine whether the actions on our website really come from humans. Thus, the IP address and other data required by Google for the reCAPTCHA service may be sent to Google. IP addresses are almost always shortened beforehand within the member states of the EU or other contracting states to the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address is not combined with other data from Google unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube Gmail, etc.) are already placed on your browser. Then, reCAPTCHA sets an additional cookie on your browser and collects a snapshot of your browser window.
The following list of collected browser and user data, does not claim to be exhaustive. Rather, they are examples of data that, to our knowledge, are processed by Google:
- Referrer URL (the address of the page from which the visitor comes).
- IP address (e.g. 220.127.116.11)
- Info about the operating system (the software that allows your computer to run. Known operating systems are Windows. Mac OS X or Linux)
- Mouse and keyboard behavior (every action you perform with the mouse or keyboard is stored)
- Date and language settings (which language or date you have preset on your PC is saved)
- Screen resolution (shows how many pixels the image consists of).
It is undisputed that Google uses and analyzes this data even before you click the "I am not a robot" checkbox. With the Invisible reCAPTCHAN version even the ticking is omitted and the whole recognition process runs in the background. How much and which data Google stores exactly, Google does not tell you in detail.
The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version.
Purpose: This cookie is set by the Doubleclick company (also owned by Google) to register and report a user's actions on the website in dealing with advertisements. In this way, advertising effectiveness can be measured and appropriate optimization measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date: after one year
Purpose: This cookie collects statistics on website usage and measures conversions A conversion occurs, for example. when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. The cookie can be used to prevent a user from seeing the same ad more than once.
Expiration date: after one month
Expiration date: after 9 months
Purpose: The cookie stores the status of a user's consent to use different services provided by Google. CONSENT is also used for security purposes to verify user. Prevent login information fraud and protect user data from unauthorized attacks.
Expiration date: after 19 years
Purpose: NID is used by Google to customize ads to your Google search. With the help of the cookie, Google "remembers" your most entered search queries or your previous interaction with ads. This way you will always get tailored ads. The cookie contains a unique ID to collect personal settings of the user for advertising purposes.
Expiration date: after 6 months
Purpose: Once you tick the "I am not a robot" box, this cookie will be set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymous form and is further used to make user distinctions.
Expiration date: after 10 minutes
Note: This list cannot claim to be exhaustive, as experience has shown that Google also changes the choice of its cookies time and again.
How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored, Google does not make clear, even after repeated inquiries. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google's European or American servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA PIugin, the data will be merged. The deviating data protection regulations of the Google company apply to this.
How can I delete my data or prevent data storage?
If you do not want any data about you and your behavior to be transmitted to Google, you must log out of Google completely and delete all Google cookies before you visit our website or use the reCAPTCHA software. Basically, the data is automatically transmitted to Google as soon as you visit our site. To delete this data, you must contact Google support.
Therefore, when you use our website, you agree that Google LLC and its agents automatically collect, process and use data.
Please note that when you use this tool, data about you may be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are suitable safeguards (such as EU standard contractual clauses) between us and the non-European service provider.
If you have consented to Google reCAPTCHA being used, the legal basis for the corresponding data processing is this consent. According to Art, 6 para, 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as it may occur in the case of both collection by Google reCAPTCHA.
On our part, there is also a legitimate interest in using Google reCAPTCHA to optimize our online service and make it more secure. The corresponding legal basis for this is Art. 6 para. 1 lit. ( DSGVO (Legitimate Interests). Nevertheless, we only use Google reCAPTCHA if you have given your consent.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.
As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Google uses so-called standard contractual clauses (:=Art. 46. para. 2 and 3 DSGVU), standard contractual clauses (Standard Contractual Clauses ' SCC) are templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with the European level of data protection when processing its relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can ﬁnd the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be ﬁnd at https://business.safety.google/intl/de/adsprocessorterms/. You can learn a bit more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/. Google does go into more detail here about the technical development of reCAPTCHA, but you will search in vain for precise information about data storage and privacy-related issues there as well. A good overview of Google's basic use of data can be found in the company's own privacy statement at https://www.google.com/intl/de/policies/privacy/.
Source: Created with the privacy generator from AdSimple
To better assist you in your booking, we have integrated the HolidayCheck.at review tool into our platform. With this tool, you can submit reviews for our hotel, providing valuable information to other travelers.
We value your trust and are committed to safeguarding your privacy and data security. If you have any further questions or concerns about data privacy, please do not hesitate to contact us. We are here to help ensure that your booking experience is as enjoyable and secure as possible.
To improve our products, automated data processing techniques are used to analyse user behaviour (ie. profiling).
The operator, according to Article 107 (3) of the Telecommunications Act 2003 (TKG 2003) and Article 6 (1) (a) of the GDPR, reserves the right to save the following data permanently and for sending offers and information on services and offers provided by the operator by mail or e-mail, for the purposes of their own advertising purposes: title, first name, surname, postal address, e-mail address, telephone number. The user may object to the processing of his data for this purpose, during the collection, and at any time thereafter by sending an e-mail to email@example.com.
You can feel assured with us
Furthermore, the user has more rights, which are granted by law. These are shown clearly below.
Right to be informed:
It is your right to be informed, if and to what extent your data is processed by us.
Right to Rectification:
If we process incomplete or incorrect personal data about you, you may request a correction or completion at any time.
Right to Erasure / the Right "to be forgotten":
If your personal data is unlawfully processed, you have the right to demand the deletion of your personal data from us. There may well be reasons opposing an immediate deletion (retention requirements or other legal obligations).
Right to Restriction of Processing:
If you contest the accuracy of data, you may request that your data be restricted for the duration of the audit if the processing of your personal information is unlawful, but you do not wish the data to be deleted if it is no longer required for the agreed purpose, as you may need the data for asserting / enforcing legal claims, or if you have objected to the processing of the data.
Right to Data Portability:
You have the right to demand the publication of the data provided by you in machine-readable form, provided that processing takes place on the basis of a consent or a contract.
Right to Objection to Processing:
If the processing of your personal data serves the purpose of performing public-interest tasks, the exercise of official authority or if we have a legitimate interest, you can object to this data processing if there is a legitimate interest in your personal data.
Right of Appeal:
If, in your opinion, the processing of your personal data violates Austrian or European data protection law, please contact us to clarify any questions. Of course you have the right to complain to the Austrian Data Protection Authority (Hohenstaufengasse 3, 1010 Vienna),
Assertion of Rights:
In order to assert one of the aforementioned rights, please contct us by e-mail at firstname.lastname@example.org. We will be pleased to help you further.
Confirmation of Identity:
To protect your rights and your privacy, in case of doubt, we are entitled to request proof of identity.
Right to Claim for Fees:
If you claim that one of the above-mentioned rights is manifestly unfounded or particularly frequent, we are entitled to charge an appropriate processing fee or refuse to process the application.
IT service provider
Phone: +43 512 7280 0
Fax: +43 512 7280 1080