PRIVACY STATEMENT & DATA PROTECTION OFFICER
We appreciate your interest in our website.
This privacy statement informs you about the processing activities of your personal data in the context of our website.
The protection of your personal data and of your privacy is very important to us. Therefore, we process your data exclusively on the basis of the existing legal provisions [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of data, and repealing Directive 95/46/EC (GDPR), Data Protection Act 2018 (DSG 2018), ePrivacy Directive, Telecommunications Act 2003 (TKG 2003)].
1. Controller and data protection officer
Pursuant to Article 4 (7) of the GDPR, the controller for this website is the Grand Spa Wellnesshotel Betriebs GmbH (mentioned below as SPA RESORT STYRIA).
If you have any questions about the processing of your data by SPA RESORT STYRIA, you can contact us as indicated below:
- by mail to: Günther Zimmel, Bad Waltersdorf 351, 8271 Bad Waltersdorf
- by phone: telefonisch unter: +43-3333-31065-901
- by email to: firstname.lastname@example.org
The contact details of the SPA RESORT STYRIA Data Protection Officer are:
Bad Waltersdorf, 351, 8271 Bad Waltersdorf, Austria
Tel: +43 3333 31065-901
2. Processing of personal data when visiting the website
2.1 Processing of access data
When you visit our website, we store the access data in so-called web server log files. In addition, log entries in the drupal system are created. We collect the following data from you:
- IP address
- Date and time of access
- Language settings
- Operating system
- Referrer URL
- Your Internet service provider
Purpose of data processing
These data are statistically evaluated to further improve our online offer and make it more user-friendly, to find and fix bugs faster, and to control server capacity. Only in case of a concrete indication of illegal use of our website, we will use this data in a personal form for the purpose of prosecution.
Duration of storage
Your data will only be stored for a period of 5 years.
The legal basis for the processing of access data is the legitimate interest of SPA RESORT STYRIA (online service offer & data security) pursuant to Article 6 (1) (f) of the GDPR.
2.2.1 Use of technical cookies
In order to make the visit to our website as attractive as possible and to enable the use of certain functions, we use so-called cookies on various pages. These are small files that are stored on your device. They allow us to recognize your browser on your next visit. The cookies are set in accordance with EU and Austrian law (Art. 5 (3) E-Privacy Directive and Art. 96 (3) TKG 2003).
These are the following cookies:
name descpription duration of storage
_ga Used to distinguish users. 2 Years
_gid Used to distinguish users. 24 hours
_gat Used to reduce Request Rate. 1 minute
CookiesAccepted Set after the der Cookie Disclaimer is closed 1 year
You can set your browser in the way that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. However, disabling cookies may limit the functionality of our site.
The legal basis for the setting of the technical cookies is the legitimate interest of SPA RESORT STYRIA (online service offer & data security) according to Art. 6 para. 1 f DSGVO.
2.2.2 Use of third-party cookies
The following third-party cookies are set:
- Social Plug Ins
Only your interactions with us and our website are used to personalize our content and offers to you, not your behavior on other websites or elsewhere.
To prevent cookies from being set by advertisers, you can also block third-party cookies in your browser. Here are instructions for the most common browsers: Firefox, Chrome and Internet Explorer. In Apple’s Safari, third-party cookies are blocked by default.
2.2.3 Google Analytics
The legal basis for the use of Google Analytics is the legitimate interest of SPA RESORT STYRIA (Art. 6 (1) (f) GDPR), which involves the evaluation of the website and analysis of website activities.
Recipients of the data
These data are forwarded to Google for the stated purposes.
Duration of storage
The personal data is stored for a period of 14 month and then deleted.
2.3 Social Plugins
This website includes social plugins (“plugins”) which are the following:
- facebook, betrieben von Facebook Irland Limited, 4 Grand Canal Square, Dublin 2, Irland, FN 462932 / Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025
- Instagram, betrieben von Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA
The plugins are marked with a logo or the name of the operator. When you you visit a SPA RESORT STYRIA website that contains such a plugin, your browser establishes a direct connection to the server of the operators. The operator transmits the content of the plugin directly to your browser and integrates it into the website. By integrating the plugins, the operator receives the information that you entered the corresponding SPA RESORT STYRIA website. If you are logged in to your user account of the operator, he can assign the visit to your user account. If you interact with the plugins, for example by clicking on a plugin button, the corresponding information is transmitted directly from your browser to the operator and stored there. By logging out of your user account, you can prevent the operator from assigning the collected information to your user account.
- Facebook: https://www.facebook.com/privacy/explanation
- Instagram: https://help.instagram.com/155833707900388
The website includes links to other websites. These references to websites of other Internet users are provided as a service to cover wider information needs of the accessing party. SPA RESORT STYRIA has no influence on their content. SPA RESORT STYRIA assumes no liability for this content. The provider of the linked website is exclusively responsible for the content and correctness of the information provided there.
You have the possibility to subscribe to our newsletter.
In the course of the subscribtion to our newsletter Spa Resort Styria processes the following disclosed personal data:
- Name, Surname
Purpose of data processing
Your disclosed personal data in the course of the subscribtion to our newsletter will be processed for the following purposes:
- Sending of mailings about recent offers and news.
- Evaluation of the clicking behavior of the e-mail recipient in order to optimize the editorial offer via webanalytics.
The processing of your personal data by Spa Resort Styria is solely based on your given consent (Art 6 Abs 1 lit a GDPR) to the sending of the newsletter.
Duration of storage
The data, which is processed for the above mentionend purposes will basically be stored until the revocation of your consent to the sending of the newsletter. Furthermore only such data will be stored which is absolutely necessary in order to fulfill the applicable statutory provisions respectively the retention obligations for the purpose of evidence of your consent resp. your revocation.
Recipients of the data
For the purpose of sending of the newsletter your data will be forwarded to our service provider, who is processing our newsletter sendings.
Revocation of the consent
You can revoke your consent to the sending of the newsletter at any time via E-Mail to: email@example.com
You can also terminate the newsletter subscribtion via click on the button “unsubscribe newsletter”at the end of each newsletter.
5. Contact Form
We look forward to hearing from you.
When you contact us using the contact form, THERME SEEWINKEL BETRIEBSGESELLSCHAFT M.B.H processes your personal information indicated below:
- E-Mail address
- First name
- Last name
- Country (optional)
Purpose of data processing
The personal data that you provide when you contact us processed for the purposes of
- contacting you and,
- if applicable, establishing a business relationship with you.
The processing of your personal data for the purpose of contacting you is based on taking the necessary steps prior to entering into a contract pursuant to Article 6 (1) (b) of the GDPR.
Duration of storage
The data processed for the above-mentioned purposes will be processed for the duration of the business relationship and/or beyond that, up to the expiration of all legal storage periods.
6.Facebook Fan Page
SPA RESORT STYRIA is operating a Facebook fanpage, on which personal data is processed. SPA RESORT STYRIA as operator of this fanpage is also responsible in the sense of the data protection law.
Your data can be processed through cookies of the fanpage, regardless of whether you have a Facebook account or not. Only Facebook is responsible for the usage of the cookies. THERME SEEWINKEL BETRIEBSGESELLSCHAFT M.B.H has no influence in this regard. Details about the usage of the cookies can be found on (https://www.facebook.com/privacy/explanation) and (https://www.facebook.com/policies/cookies/). You can further download your own Facebook data directly on Facebook (download of the so called “extended archive” in your account settings).
Via the cookies your data can be forwarded to Facebook Inc. into the USA. Facebook is certified for the EU-US-Privacy-Shield, which means Facebook has to maintain a data protection standard towards users in Europe, which has been approved by the European Commission as being comparable to European standards. Apart from that Facebook might also apply cookies from third-party-providers. Those are listed here: https://www.facebook.com/policies/cookies/ . Their respective Cookie-guidelines can be found on the their respective websites.
You can revoke your declaration of consent regarding the storage, processing and usage of your data via cookies in the course of the usage of the fanpage anytime with effect to the future. In this case the processing of your data until the revocation remains legal
7. Data security
The security of your personal data is very important to us.
Taking into account the state of the art in terms of technology, the implementation costs and the nature, scope, circumstances and purposes of the data processing, as well as the likelihood and severity of the risk to the rights and freedoms of natural persons, SPA RESORT STYRIA implements appropriate technical and organizational measures within the meaning of Article 32 of the GDPR.
In this sense, the following measures, inter alia, are taken to protect your data and to protect against loss, destruction, access, modification and distribution by unauthorized persons:
- Ensuring the confidentiality, integrity, availability and resilience of systems and services related to data processing;
- Ensuring rapid restoration of the availability of personal data in the event of a physical or technical incident;
- Implementation of procedures for the periodic review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the safety of the data processing.
Please note that we do not accept any liability for the disclosure of information due to errors that are not attributable or attributable to us in data transmission and/or unauthorized access by third parties.
8. Your rights
You have the following rights as a user of our website:
- Right of access to information (Article 15 of the GDPR): You have the right to obtain confirmation from SPA RESORT STYRIA as to whether your personal data are being processed. In addition, you have the right to further information about the specific purposes of the processing, the categories of the personal data concerned, the recipients or categories of recipients of the personal data concerned, the storage period, the right to erasure or rectification of your personal data or restriction of processing and the right to object to such processing, the right to lodge a complaint and the right to any available information as to their source.
- Right to rectification (Article 16 of the GDPR): You have the right to obtain from SPA RESORT STYRIA the immediate rectification of your personal data. This right includes the rectification of inaccurate data and the completion of incomplete personal data.
- Right to erasure (Article 17 of the GDPR): You have the right to obtain from SPA RESORT STYRIA the immediate erasure of your personal data, provided that the reasons stated in Article 17 (1) (a) to (f) of the GDPR (e.g. the purpose for processing no longer applies) and the processing of your personal data is no longer required.
- Right to restriction of processing (Article 18 of the GDPR): In the cases mentioned in Article 18 of the GDPR (e.g. inaccuracy of the processed personal data, unlawfulness of the processing, etc.), you also have the right to obtain from SPA RESORT STYRIA the restriction of processing.
- Right to data portability (Article 20 of the GDPR): You have the right to receive your personal data that you have provided to SPA RESORT STYRIA in a structured and commonly used format and to have SPA RESORT STYRIA transmit this data to another controller (e.g. to another law firm).
- Right to object (Article 21 of the GDPR): You have the right to object at any time to the processing of your personal data on this website.
- Withdrawal of consent (Article 7 of the GDPR): You have the option of withdrawing any consent given to SPA RESORT STYRIA at any time.
- Right to lodge a complaint In addition, you can lodge a complaint at any time with the
Austrian Data Protection Authority at:
Österreichische Datenschutzbehörde [Austrian Data Protection Authority)
1080 Vienna, Austria
Telephone: +43 1 521 52-25 69
E mail: firstname.lastname@example.org
With the exception of the right to lodge a complaint with the Austrian Data Protection Authority, you can assert your rights with SPA RESORT STYRIA at the following address: