Skip to main content
SummerWinter
Availability

Privacy Policy

This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offerings and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).
Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions provided in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Genießer- & Wanderhotel Jägerhof
Familie Augscheller
Walten 80
I-39015 St. Leonhard Passeiertal/Südtirol - Italy
www.jagerhof.net/imprint/

Types of Data Processed

- Inventory Data (e.g., names, addresses)
- Contact Data (e.g., email addresses, phone numbers)
- Content Data (e.g., text entries, photographs, videos)
- Usage Data (e.g., visited websites, interest in content, access times)
- Meta/Communication Data (e.g., device information, IP addresses)

Categories of Data Subjects

Visitors and users of the online offering (hereinafter, we collectively refer to the data subjects as “users”).

Purpose of Processing

- Provision of the online offering, its functions, and content
- Responding to contact requests and communication with users
- Security measures
- Reach measurement / marketing

Used Terminology

“Personal data” means all information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and practically encompasses any handling of data. “Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data cannot be attributed to an identified or identifiable natural person. “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning the data subject’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. “Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Applicable Legal Basis

Pursuant to Article 13 of the GDPR, we inform you of the legal bases for our data processing activities. Unless otherwise specified in this privacy policy, the following applies:
- The legal basis for obtaining consents is Article 6(1)(a) and Article 7 GDPR
- The legal basis for processing to provide our services, perform contractual obligations, and respond to inquiries is Article 6(1)(b) GDPR
- The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR
- The legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR
In cases where the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis

Security Measures

In accordance with Article 32 of the GDPR, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures particularly include ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transmission, availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and responses to data breaches. In addition, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Article 25 GDPR).

Cooperation with Processors and Third Parties

Whenever we disclose data to other persons or companies (processors or third parties), transmit data to them, or otherwise grant them access to data in the course of our processing activities, this is done only on the basis of a legal permission (e.g., if the transfer of data to third parties such as payment service providers is necessary for the performance of a contract pursuant to Article 6(1)(b) GDPR), if you have given your consent, if a legal obligation requires it, or on the basis of our legitimate interests (e.g., when using service providers, web hosting providers, etc.). If we engage third parties to process data on the basis of a so-called “processor agreement,” this is done in accordance with Article 28 GDPR.

Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using services of third parties or the disclosure or transfer of data to third parties, this is done only if it is necessary for the fulfillment of our (pre-)contractual obligations, based on your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to statutory or contractual permissions, we only process or have data processed in a third country if the special conditions of Articles 44 et seq. GDPR are met. This means, for example, that processing takes place based on special safeguards, such as an officially recognized adequacy decision of the EU regarding the level of data protection (e.g., for the USA via the “Privacy Shield”) or compliance with officially recognized specific contractual obligations (so-called “standard contractual clauses”).

Rights of Data Subjects

You have the right to request confirmation as to whether personal data concerning you is being processed, as well as access to such data and additional information, and to receive a copy of the data in accordance with Article 15 GDPR. You have the right, in accordance with Article 16 GDPR, to request the completion of personal data concerning you or the correction of inaccurate data concerning you. You have the right, pursuant to Article 17 GDPR, to request the deletion of personal data concerning you without undue delay, or alternatively, pursuant to Article 18 GDPR, to request a restriction of processing. You have the right to receive the personal data you have provided to us in accordance with Article 20 GDPR and to request the transfer of such data to another controller. Furthermore, in accordance with Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

Right of Withdrawal

You have the right to withdraw any consent you have given in accordance with Article 7(3) GDPR at any time, with effect for the future.

Right to Object

You may object at any time to the future processing of your personal data in accordance with Article 21 GDPR. In particular, you have the right to object to the processing of your data for the purposes of direct marketing.

Cookies and Right to Object to Direct Marketing

Cookies are small files stored on users’ devices. Different information can be saved within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, also called “session cookies” or “transient cookies,” are deleted after a user leaves an online offering and closes their browser. Such a cookie may, for example, store the contents of a shopping cart in an online shop or a login status. Permanent cookies, also called “persistent cookies,” remain stored even after the browser is closed. For example, the login status can be retained when users return after several days. Additionally, such cookies may store user preferences, which can be used for reach measurement or marketing purposes. Third-party cookies are cookies provided by other providers than the controller operating the online offering (otherwise, if only the controller’s cookies are used, they are called “first-party cookies”). We may use both temporary and permanent cookies and provide information about this within our privacy policy. If users do not wish for cookies to be stored on their devices, they are requested to disable the corresponding option in their browser settings. Stored cookies can also be deleted via the browser settings. Please note that disabling cookies may lead to functional limitations of this online offering. A general objection to the use of cookies for online marketing purposes, especially for tracking, can be made via the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, cookie storage can be prevented by disabling cookies in the browser settings. Please note that not all functions of this online offering may be available in that case.

Deletion of Data

The data we process is deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless explicitly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer necessary for its intended purpose and no legal retention obligations prevent its deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax-related reasons.
Under legal requirements in Germany, retention periods are, in particular:
- 10 years in accordance with §§ 147(1) AO, 257(1) Nos. 1 and 4, 257(4) HGB (books, records, reports, booking documents, commercial books, documents relevant for taxation, etc.)
- 6 years in accordance with § 257(1) Nos. 2 and 3, 257(4) HGB (commercial correspondence).
Under legal requirements in Austria, retention periods are, in particular:
- 7 years according to § 132(1) BAO (accounting documents, receipts/invoices, accounts, business papers, income and expenditure statements, etc.)
- 22 years in connection with real estate
- 10 years for documents related to electronically supplied services, telecommunications, broadcasting, and television services provided to non-business customers in EU member states, for which the Mini One Stop Shop (MOSS) is applied.

Business-Related Processing

In addition, we process
- Contract data (e.g., subject of the contract, duration, customer category)
- Payment data (e.g., bank details, payment history)
from our customers, prospects, and business partners for the purposes of providing contractual services, service and customer care, marketing, advertising, and market research

Contact

When contacting us (e.g., via contact form, email, phone, or social media), the information provided by the user is processed for the purpose of handling and responding to the contact request in accordance with Article 6(1)(b) GDPR. User information may be stored in a Customer Relationship Management (CRM) system or a comparable request management system. We delete contact requests when they are no longer necessary. The necessity is reviewed every two years. In addition, statutory retention obligations apply.

Newsletter

The following information informs you about the content of our newsletter, the registration, sending, and statistical evaluation process, as well as your rights to object. By subscribing to our newsletter, you consent to receiving it and to the described procedures. Newsletter Content: We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter “Newsletter”) only with the consent of the recipients or on the basis of a legal permission. If the content of the newsletter is specifically described during the subscription process, this description is decisive for the user’s consent. Otherwise, our newsletters contain information about our products and accompanying information (e.g., safety instructions), offers, promotions, and our company. Double Opt-In and Logging: Subscription to our newsletter is carried out via a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can register using someone else’s email address. Newsletter registrations are logged to document the subscription process in accordance with legal requirements. This includes storing the date and time of registration and confirmation, as well as the IP address. Changes to the data stored with the service provider are also logged. Subscription Data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we may ask for your name in order to address you personally in the newsletter. The sending of the newsletter and the associated success measurement is based on the consent of the recipients pursuant to Art. 6(1)(a), Art. 7 GDPR in conjunction with § 107(2) TKG, or on the basis of legal permission pursuant to § 107(2) and (3) TKG. The logging of the subscription process is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest lies in using a user-friendly and secure newsletter system that serves both our business interests and user expectations, while also allowing us to demonstrate consent. Cancellation/Withdrawal: You can unsubscribe from our newsletter at any time, i.e., revoke your consent. A link to unsubscribe is provided at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to document previously given consent. The processing of these data is limited to the purpose of possible defense against claims. An individual deletion request can be made at any time, provided that the previous existence of consent is confirmed.

Newsletter – CleverReach

The newsletters are sent using the newsletter service provider CleverReach, a newsletter delivery platform by CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany. The privacy policy of the service provider can be viewed here: https://www.cleverreach.com/de/datenschutz/. The service provider is used on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR and a data processing agreement in accordance with Art. 28(3) sentence 1 GDPR. CleverReach may use the recipients’ data in pseudonymous form, i.e., without direct assignment to an individual user, to optimize or improve its services, for example, for the technical optimization of sending and displaying newsletters or for statistical purposes. However, the service provider does not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties.

Newsletter – Performance Measurement

The newsletters contain a so-called web beacon, i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if a service provider is used, from the provider’s server. During this retrieval, technical information such as details about your browser and system, as well as your IP address and the time of retrieval, is collected. This information is used to technically improve the services based on technical data or to analyze target groups and their reading behavior based on retrieval locations (which can be determined using the IP address) or access times. Statistical evaluations also include determining whether the newsletter was opened, when it was opened, and which links were clicked. For technical reasons, this information can be associated with individual newsletter recipients. However, it is neither our intention nor, if applicable, that of the service provider, to monitor individual users. The evaluations are primarily used to understand our users’ reading habits and to tailor our content to them or to send different content according to the interests of our users.

Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, as well as technical maintenance services, which we use for the operation of this online offering. In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, and meta/communication data of customers, prospects, and visitors of this online offering based on our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Collection of Access Data and Log Files

We, or our hosting provider, collect data on every access to the server hosting this service (so-called server log files) based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Access data include the name of the requested web page, file, date and time of access, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider. Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data that needs to be retained for evidentiary purposes are exempt from deletion until the respective incident is finally resolved.

Google Analytics

Based on our legitimate interests (i.e., the interest in analyzing, optimizing, and operating our online offering efficiently pursuant to Art. 6(1)(f) GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the online offering is generally transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield framework, providing a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google uses this information on our behalf to evaluate users’ use of our online offering, to compile reports on activities within this online offering, and to provide us with other services related to the use of this online offering and the internet. In this process, pseudonymous usage profiles of users may be created from the data processed.

We use Google Analytics only with IP anonymization enabled. This means that the user’s IP address is shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software accordingly. In addition, users can prevent Google from collecting the data generated by the cookie and related to their use of the online offering, as well as the processing of these data by Google, by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data usage by Google, options for settings and objections, can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) as well as in the settings for Google ad personalization (https://adssettings.google.com/authenticated).

Users’ personal data are deleted or anonymized after 14 months.

Onlinepräsenzen in sozialen Medien

We maintain online presences on social networks and platforms to communicate with customers, prospects, and users active there, and to inform them about our services. When accessing the respective networks and platforms, the terms of use and data processing policies of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users who communicate with us within the social networks and platforms, for example, by posting on our online presences or sending us messages.

Integration of Third-Party Services and Content

Based on our legitimate interests (i.e., the interest in analyzing, optimizing, and efficiently operating our online offering pursuant to Art. 6(1)(f) GDPR), we use content or service offerings from third-party providers within our online offering to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as “content”).

This always requires that the third-party providers of this content perceive the users’ IP addresses, as they could not deliver the content to their browsers without the IP address. The IP address is therefore necessary for displaying this content. We endeavor to use only content whose respective providers use the IP address solely for delivering the content.

Furthermore, third-party providers may use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags allow information, such as visitor traffic on the pages of this website, to be evaluated. The pseudonymous information may also be stored in cookies on users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit time, as well as other information about the use of our online offering, and may be combined with such information from other sources.

Google Maps

We integrate the maps of the service “Google Maps” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular, users’ IP addresses and location data, which, however, are not collected without the user’s consent (usually provided via the settings of their mobile devices). The data may be processed in the USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated

Use of Facebook Social Plugins

Based on our legitimate interests (i.e., the interest in analyzing, optimizing, and efficiently operating our online offering pursuant to Art. 6(1)(f) GDPR), we use social plugins (“Plugins”) of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins may include interactive elements or content (e.g., videos, graphics, or text posts) and are recognizable by one of the Facebook logos (white “f” on a blue tile, the terms “Like,” “Gefällt mir,” or a “thumbs-up” symbol) or are marked with the label “Facebook Social Plugin.” A list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield framework and thus provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the online offering. This may result in the creation of usage profiles. We have no influence on the extent of the data that Facebook collects through this plugin and inform users based on our knowledge.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offering. If the user is logged into Facebook, Facebook can associate the visit with their Facebook account. When users interact with the plugins, e.g., by clicking the Like button or leaving a comment, the corresponding information is transmitted directly from their device to Facebook and stored there. Even if a user is not a Facebook member, Facebook may still obtain and store their IP address. According to Facebook, in Germany, only an anonymized IP address is stored.

Users can find information about the purpose and scope of data collection, further processing, and use of the data by Facebook, as well as their rights and privacy settings, in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their Facebook account, they must log out of Facebook and delete their cookies before using our online offering. Additional settings and objections to the use of data for advertising purposes can be made within the Facebook account settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. These settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices.

Shariff sharing functions

We use the privacy-friendly “Shariff” buttons. “Shariff” was developed to provide more privacy online and to replace the usual social network “Share” buttons. In this process, it is not the user’s browser but the server hosting this online service that connects to the servers of the respective social media platforms and, for example, retrieves the number of likes, etc. The user remains anonymous. More information about the Shariff project can be found from the developers at the magazine c't: www.ct.de.
Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke