Privacy Policy

Declaration made in accordance with Art. 13 of EU Regulation 2016/679 issued by the European Parliament and Council on 27 April, 2016 concerning the protection of natural persons as regards the processing of their personal data, as well as the free circulation of such data, and which abrogates Directive 95/46/EC (General Regulations for the protection of data).

Privacy policy at a glance:
Our privacy policy informs you about anonymous data collection as well as the acquisition and the use of personal data that may be collected contacting us. This occurs, for example, when you visit our website or when you get in contact with us via online form, email, phone, personally or through cooperating media channels to request services, book, check-in/out, or make use of services that require personal data. Personal data include for example: name, e-mail address, phone number, address, credit card details, birthday, or those data that contributes to the personal identification of a person. In accordance with the EU General Data Protection Regulation (Regulation 2016/679 of the European Parliament and of the Council), we inform you about the following:

Controller of data processing:
Hotel Burggräfler of Joachim Matscher
Location: Frankenbergweg 27, 39010 Tisens (BZ), South Tyrol – Italy
Tax ID: IT02256500212
Phone: (0039) 0473 920981
Fax: (0039) 0473 920989
E-mail: info@burggraefler.com

Contents

  1. What data do we process?
  2. What is your data processed for?
  3. Legal ground for data processing
  4. To whom do we pass personal information?
  5. Storage of personal data
  6. Data acquisition on our web site
    6.1. Contact form
    6.2. SSL or TLS encryption
    6.3. Server log files
    6.4. Encrypted payments on this website
    6.5. Cookies, analysis tools and third-party tools
  7. What rights do you have regarding your data?
  8. Characteristics of consent
  9. Alterations

1. What data do we process?

Pursuant to Art. 13 of the European General Data Protection Regulation, we process the following data:

  • personal data (surname, name, address, e-mail, telephone number, fax number, date of birth) as well as your language and the license plate of your vehicle
  • the data shown in your passport or identity card
  • data relative to the method of payment or otherwise connected with your payments (e.g. bank coordinates, details of credit card)
  • date of arrival and length of stay, as well as any personal preferences associated with your stay

2. What is your data processed for?

We collect and use your personal data in order to answer to requests for information and emails and to be able to provide our services as desired and to allow easy access to our website. The data provided will be processed for the following purposes:

  • Memorization of the data for the purpose of future bookings and requests
  • For the implementation of pre-contractual and contractual requirements relative to the guest’s visit (booking, period of stay, departure etc.)
  • Forwarding of communications and telephone calls directly to the guest
  • Management of fitness and wellness centres
  • Forwarding of information, special offers and new features offered by the hotel by e-mail, ordinary mail, and other means of communication concerning the hotel, the local area and any local events etc. The consent to the data processing referring to the sending of information, offers and news about the hotel and its surroundings is given on a voluntary basis. In case of no longer interest you can inform us any time. In absence of requested data we can’t deliver any offer or news.
  • For compliance with legal obligations
  • For further information on the topic “what are your data processed for” see also point “Data collection” on our website

Your personal data will be processed in accordance with the contract and with current legislation, as set forth in the provisions of EU Regulation 679/2016 (GDPR). Consent for the processing of personal data included in special categories is given on a voluntary basis. Should you refuse to release basic data, travel document data and bank data, it will not be possible to fulfil the contractual obligations and accommodate you at our establishment. We do not apply profiling and automated decisions.

3. Legal ground for data processing

  • Legal ground for the processing of your data:
  • compliance with obligations and pre-contractual and contractual requirements
  • your consent
  • compliance with legal and judicial obligations
  • legitimate interests (e.g. for improvements to our client service and our contacts with the clients – also regarding direct advertising – or video surveillance intended to protect persons and property from possible aggression, theft, robbery, damage and vandalism, as well as for fire protection and safety in the workplace). (For each purpose whose legal ground comprises legitimate interest, the nature of such legitimate interest must be specified).

4. To whom do we pass personal information?

We take the protection of your personal rights very seriously and assure you that we will not sell or rent your data to other providers. In order to provide an exemplary service we may only transmit personal information to reputable contractors that are required to protect your information in accordance to our privacy policy. These companies can be the following: (Subjects = Persons, companies or office communities)

  • Subjects with witch a cooperation is necessary to provide our services (e.g. our host provider
  • Subjects hired for the technical maintenance of our hard- and software.
  • Subject who assist and advise us on administrative, accounting, tax, legal, financial, marketing and communication issues, relating to the provision of services.
  • Subjects, authorities or other entities to which your personal information is required due to obligatory requirements.
  • Persons authorized by the controller to process personal data, required for activities related to the provision of services. They are committed to confidentiality or have a responsible legal obligation to maintain confidentiality (e.g. employees of the controller)
  • Our newsletter provider is the German company NEWSTROLL which is subject as well to the dispositions oft he GDPR. All data passed to NEWSTROLL cannot be sold to others and cannot be used for other reasons as for the sending of our newsletter. Of course you are entitled to cancel your consent for data storage and its use for the sending of newsletter at any moment: simply use the link “unsubscribe” you find in each newsletter or contact us directly.
  • You can find more info about “when and to whom do we pass personal information” under the main issue “Data acquisition on our web site”.

These companies are required to protect your data in accordance with our privacy policy for the protection of personal rights and they are as well subjects to the DSGVO. You can request more information by email.

5. Storage of personal data

The duration of the conservation of the data is calculated on the basis of the obligations for the conservation of the data and the requirements contemplated by the law. If your personal data are processed in order to comply with a legal requirement or a contractual obligation, they will be kept only for the time that is strictly necessary for their processing. If the data are processed with your consent, they will be kept until that consent is revoked.

6. Data acquisition on our web site

The following gives a simple overview of what happens to your personal information when you visit our website.

How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form on our website or on other portals. Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

6.1. Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission. We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You have the right to withdraw your consent at any time simply contacting us per e-mail. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

6.2. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

6.3. Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources. The basis for data processing is Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest to ensure an optimized service provided free of technical errors. Therefore server log files have to be stored.

6.4. Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment. Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible. In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

6.5. Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis.

a) Cookies
In order to ensure you a user-friendly experience, to help us improve our site and to analyse web traffic, our website uses cookies. If you choose to disable cookies, you may lose some features and functionality and some contents of our website may not be displayed or may not function correctly. We also inform you that the data collected by some cookies may be transferred to countries that do not offer an adequate level of data protection. For more information, see our cookie policy »
You find all information about the use of cookies and how to manage them on our site Cookie Policy »

b) Newsletter data
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.

7. What rights do you have regarding your data?

Right of access by the data subject: In accordance with art. 15 of the GDPR, you are entitled to be informed of the personal data processed, their provenance, nature, possible forwarding to third parties (in such case identifying the same) and their utilization.

Right of rectification and erasure: In accordance with art. 16 of the GDPR, you may at any time require the rectification or completion of your personal data. Similarly, in accordance with art. 17 of the GDPR, you are entitled to require the erasure of the data. In the presence of published data, you also enjoy the “right to be forgotten”, i.e. to request that the measures necessary to erase all the links, copies, replications and similar.

Right to object: You may at any time exercise your right to object as described in art. 21 of the GDPR and modify or entirely revoke your consent for the future.

Right of restriction (or blocking) of processing: In accordance with art. 18 of the GDPR, you may require the restriction of the processing of your personal data. The relevant data may be processed only subject to specific prior consent, i.e. their processing will be effectively limited.

Right to data portability: In accordance with art. 20 of the GDPR, you are entitled to request and receive the personal data provided by yourself in a structured, commonly used and machine-readable format, and you have the right to require their transmission to another controller.

In accordance with art. 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority.

8. Characteristics of consent

Your personal data will be processed in accordance with the contract and with current legislation, as set forth in the provisions of EU Regulation 679/2016 (GDPR). Consent for the processing of personal data included in special categories is given on a voluntary basis. In the absence of such consent, the personal data cannot be processed for any future bookings. Consent for the processing of personal data as regards the forwarding of information, special offers and new features offered by the hotel, too, is voluntary. If the personal data are not provided, then offers and other information shall not be supplied.

9. Alterations

The person responsible reserves the right to change or update the content in whole or in part, also due to changes in applicable legislation