Find your favorite room

  • Rooms
    1
  • Guests
    2

Privacy

Data Protection

PRIVACY STATEMENT & DATA PROTECTION OFFICER

We appreciate your interest in our website.
This privacy statement informs you about the processing activities of your personal data in the context of our website.

The protection of your personal data and of your privacy is very important to us. Therefore, we process your data exclusively on the basis of the existing legal provisions [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of data, and repealing Directive 95/46/EC (GDPR), Data Protection Act 2018 (DSG 2018), ePrivacy Directive, Telecommunications Act 2003 (TKG 2003)].

1. Controller and data protection officer

The data protection officer pursuant to Art. 4 Z 7 DSGVO for this website is Grand Spa Wellnesshotel Betriebs GmbH. (hereinafter referred to as Spa Resort Styria).
If you have any questions regarding the processing of your data by the Grand Spa Wellnesshotel Betriebs GmbH, you are welcome to contact us, or our data protection officer, as follows:
by letter to: Data Protection Officer / Spa Resort Styria, Bad Waltersdorf 351, 8271 Bad Waltersdorf.
by telephone at: +43-3333-31065

by e-mail to:
datenschutz@sparesortstyria.com

2. Processing of personal data when visiting the website
2.1 Processing of access data

When you visit our website, we store the access data in so-called web server log files. In addition, log entries in the drupal system are created. We collect the following data from you:

  • IP address
  • Date and time of access
  • Browser
  • Language settings
  • Operating system
  • Referrer URL
  • Your Internet service provider

Purpose of data processing
These data are statistically evaluated to further improve our online offer and make it more user-friendly, to find and fix bugs faster, and to control server capacity. Only in case of a concrete indication of illegal use of our website, we will use this data in a personal form for the purpose of prosecution.

Duration of storage
Your data will only be stored for a period of 5 years.

Legal basis
The legal basis for the processing of access data is the legitimate interest of SPA RESORT STYRIA (online service offer & data security) pursuant to Article 6 (1) (f) of the GDPR.

2.2 Cookies
2.2.1 Use of technical cookies

In order to make the visit to our website as attractive as possible and to enable the use of certain functions, we use so-called cookies on various pages. These are small files that are stored on your device. They allow us to recognize your browser on your next visit. The cookies are set in accordance with EU and Austrian law (Art. 5 (3) E-Privacy Directive and Art. 96 (3) TKG 2003).

These are the following cookies:

name descpription duration of storage
_ga Used to distinguish users. 2 Years
_gid Used to distinguish users. 24 hours
_gat Used to reduce Request Rate. 1 minute
CookiesAccepted Set after the der Cookie Disclaimer is closed 1 year

You can set your browser in the way that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. However, disabling cookies may limit the functionality of our site.

Legal basis
The legal basis for the setting of the technical cookies is the legitimate interest of SPA RESORT STYRIA (online service offer & data security) according to Art. 6 para. 1 f DSGVO.

2.2.2 Use of third-party cookies

SPA RESORT STYRIA uses various services for this website which also use cookies.

The following third-party cookies are set:

  • Google
  • Social Plug Ins

Only your interactions with us and our website are used to personalize our content and offers to you, not your behavior on other websites or elsewhere.

To prevent cookies from being set by advertisers, you can also block third-party cookies in your browser. Here are instructions for the most common browsers: Firefox, Chrome and Internet Explorer. In Apple’s Safari, third-party cookies are blocked by default.

2.2.3 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics also uses cookies that allow the analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator. The IP address provided by Google Analytics will not be merged with other Google data. You can prevent the collection by Google of the data (including your IP address) generated by the cookie and related to your use of the website by downloading and installing the browser plug-in available at the following link: (http://tools.google.com/dlpage/gaoptout?hl=de).

Legal basis
The legal basis for the use of Google Analytics is the legitimate interest of SPA RESORT STYRIA (Art. 6 (1) (f) GDPR), which involves the evaluation of the website and analysis of website activities.

Recipients of the data
These data are forwarded to Google for the stated purposes.

Duration of storage
The personal data is stored for a period of 14 month and then deleted.

2.3 Social Plugins

This website includes social plugins (“plugins”) which are the following:

  • facebook, betrieben von Facebook Irland Limited, 4 Grand Canal Square, Dublin 2, Irland, FN 462932 / Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025
  • Instagram, betrieben von Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA

The plugins are marked with a logo or the name of the operator. When you you visit a SPA RESORT STYRIA website that contains such a plugin, your browser establishes a direct connection to the server of the operators. The operator transmits the content of the plugin directly to your browser and integrates it into the website. By integrating the plugins, the operator receives the information that you entered the corresponding SPA RESORT STYRIA website. If you are logged in to your user account of the operator, he can assign the visit to your user account. If you interact with the plugins, for example by clicking on a plugin button, the corresponding information is transmitted directly from your browser to the operator and stored there. By logging out of your user account, you can prevent the operator from assigning the collected information to your user account.
The purpose and scope of the data collection and the processing of the data as well as the use of the data by the operator including your related rights and setting options for the protection of your privacy can be found in the respective privacy policy:

3. Linking

The website includes links to other websites. These references to websites of other Internet users are provided as a service to cover wider information needs of the accessing party. SPA RESORT STYRIA has no influence on their content. SPA RESORT STYRIA assumes no liability for this content. The provider of the linked website is exclusively responsible for the content and correctness of the information provided there.

4. Newsletter

You have the possibility to subscribe to our newsletter.

Data Processing:
In the course of the subscribtion to our newsletter Spa Resort Styria processes the following disclosed personal data:

  • Mr./Mrs.
  • Title
  • Name, Surname
  • E-Mail

Purpose of data processing
Your disclosed personal data in the course of the subscribtion to our newsletter will be processed for the following purposes:

  • Sending of mailings about recent offers and news.
  • Evaluation of the clicking behavior of the e-mail recipient in order to optimize the editorial offer via webanalytics.

Legal basis
The processing of your personal data by Spa Resort Styria is solely based on your given consent (Art 6 Abs 1 lit a GDPR) to the sending of the newsletter.

Duration of storage
The data, which is processed for the above mentionend purposes will basically be stored until the revocation of your consent to the sending of the newsletter. Furthermore only such data will be stored which is absolutely necessary in order to fulfill the applicable statutory provisions respectively the retention obligations for the purpose of evidence of your consent resp. your revocation.

Recipients of the data
For the purpose of sending of the newsletter your data will be forwarded to our service provider, who is processing our newsletter sendings.

Revocation of the consent
You can revoke your consent to the sending of the newsletter at any time via E-Mail to: datenschutz@sparesortstyria.com
You can also terminate the newsletter subscribtion via click on the button “unsubscribe newsletter”at the end of each newsletter.

5. Contact Form

We look forward to hearing from you.

Data processing
When you contact us using the contact form, THERME SEEWINKEL BETRIEBSGESELLSCHAFT M.B.H processes your personal information indicated below:

  • E-Mail address
  • Salutation
  • First name
  • Last name
  • District
  • Country (optional)

Purpose of data processing
The personal data that you provide when you contact us processed for the purposes of

  • contacting you and,
  • if applicable, establishing a business relationship with you.

Legal basis
The processing of your personal data for the purpose of contacting you is based on taking the necessary steps prior to entering into a contract pursuant to Article 6 (1) (b) of the GDPR.

Duration of storage
The data processed for the above-mentioned purposes will be processed for the duration of the business relationship and/or beyond that, up to the expiration of all legal storage periods.

6.Facebook Fan Page

SPA RESORT STYRIA is operating a Facebook fanpage, on which personal data is processed. SPA RESORT STYRIA as operator of this fanpage is also responsible in the sense of the data protection law.

Your data can be processed through cookies of the fanpage, regardless of whether you have a Facebook account or not. Only Facebook is responsible for the usage of the cookies. THERME SEEWINKEL BETRIEBSGESELLSCHAFT M.B.H has no influence in this regard. Details about the usage of the cookies can be found on (https://www.facebook.com/privacy/explanation) and (https://www.facebook.com/policies/cookies/). You can further download your own Facebook data directly on Facebook (download of the so called “extended archive” in your account settings).
Via the cookies your data can be forwarded to Facebook Inc. into the USA. Facebook is certified for the EU-US-Privacy-Shield, which means Facebook has to maintain a data protection standard towards users in Europe, which has been approved by the European Commission as being comparable to European standards. Apart from that Facebook might also apply cookies from third-party-providers. Those are listed here: https://www.facebook.com/policies/cookies/ . Their respective Cookie-guidelines can be found on the their respective websites.
You can revoke your declaration of consent regarding the storage, processing and usage of your data via cookies in the course of the usage of the fanpage anytime with effect to the future. In this case the processing of your data until the revocation remains legal

7. Data security

The security of your personal data is very important to us.
Taking into account the state of the art in terms of technology, the implementation costs and the nature, scope, circumstances and purposes of the data processing, as well as the likelihood and severity of the risk to the rights and freedoms of natural persons, SPA RESORT STYRIA implements appropriate technical and organizational measures within the meaning of Article 32 of the GDPR.

In this sense, the following measures, inter alia, are taken to protect your data and to protect against loss, destruction, access, modification and distribution by unauthorized persons:

  • Ensuring the confidentiality, integrity, availability and resilience of systems and services related to data processing;
  • Ensuring rapid restoration of the availability of personal data in the event of a physical or technical incident;
  • Implementation of procedures for the periodic review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the safety of the data processing.

Please note that we do not accept any liability for the disclosure of information due to errors that are not attributable or attributable to us in data transmission and/or unauthorized access by third parties.

8. Guest Club
This website uses KunLeiSys Guest Club software (Regular Guest section). The provider is GASTROpoint GmbH, Pommernstraße 17, 83395 Freilassing, Germany. KunLeiSys Guest Club software is a service for organising and
administering the Guest Club, offers, loyalty points, e-mails about events and the distribution of newsletters. You can register to become a member of the Guest Club on our website. All the personal information you provide
shall only be used for the purpose of the respective offer or service. The mandatory information requested for registration must be provided in full. If it is not, your registration will be declined. The personal data you provide
on registration shall only be used as specified in your consent (Art. 6 Para. 1(a) GDPR). You are able to withdraw your consent free of charge at any time. This can be done via the unsubscribe link in the e-mail or the unsubscribe
option in the Guest Club. We shall store the information you have provided for the purpose of the Guest Club until such time as you unsubscribe and, as soon as you have unsubscribed and your Guest Club account has been deleted, your details
shall be deleted from our servers and the servers of GASTROpoint GmbH. We shall inform you of any important changes relating to the scope of the services we offer or that are necessary
for technical reasons via the e-mail address you provided on registration or saved in your profile. This does not affect statutory retention periods. We have signed a contract data processing agreement with GASTROpoint
GmbH and shall fully comply with the strict requirements imposed by the data protection authorities in our operation of KunLeiSys Guest Club software.
Please complete the mandatory fields on the registration screen, as otherwise your registration cannot be processed.

9. Your rights

You have the following rights as a user of our website:

  • Right of access to information (Article 15 of the GDPR): You have the right to obtain confirmation from SPA RESORT STYRIA as to whether your personal data are being processed. In addition, you have the right to further information about the specific purposes of the processing, the categories of the personal data concerned, the recipients or categories of recipients of the personal data concerned, the storage period, the right to erasure or rectification of your personal data or restriction of processing and the right to object to such processing, the right to lodge a complaint and the right to any available information as to their source.
  • Right to rectification (Article 16 of the GDPR): You have the right to obtain from SPA RESORT STYRIA the immediate rectification of your personal data. This right includes the rectification of inaccurate data and the completion of incomplete personal data.
  • Right to erasure (Article 17 of the GDPR): You have the right to obtain from SPA RESORT STYRIA the immediate erasure of your personal data, provided that the reasons stated in Article 17 (1) (a) to (f) of the GDPR (e.g. the purpose for processing no longer applies) and the processing of your personal data is no longer required.
  • Right to restriction of processing (Article 18 of the GDPR): In the cases mentioned in Article 18 of the GDPR (e.g. inaccuracy of the processed personal data, unlawfulness of the processing, etc.), you also have the right to obtain from SPA RESORT STYRIA the restriction of processing.
  • Right to data portability (Article 20 of the GDPR): You have the right to receive your personal data that you have provided to SPA RESORT STYRIA in a structured and commonly used format and to have SPA RESORT STYRIA transmit this data to another controller (e.g. to another law firm).
  • Right to object (Article 21 of the GDPR): You have the right to object at any time to the processing of your personal data on this website.
  • Withdrawal of consent (Article 7 of the GDPR): You have the option of withdrawing any consent given to SPA RESORT STYRIA at any time.
  • Right to lodge a complaint In addition, you can lodge a complaint at any time with the

Austrian Data Protection Authority at:
Österreichische Datenschutzbehörde [Austrian Data Protection Authority)
Wickenburggasse 8
1080 Vienna, Austria

Telephone: +43 1 521 52-25 69
E mail: dsb@dsb.gv.at

You can assert your data subject rights – with the exception of the right of complaint to the Austrian Data Protection Authority – against the Spa Resort Styria at the following address:
– By letter to: Data Protection Officer / Spa Resort Styria, Bad Waltersdorf 351, 8271 Bad Waltersdorf
– by telephone at: 03333 31065-901
– by e-mail to: datenschutz@sparesortstyria.com