Privacy Statement

We are very happy about your interest in our company. Privacy is a particularly high priority for Konferenzhotel Schlaining GmbH. In principle, it is possible to use the Konferenzhotel Schlaining Ges.m.b.H. website without providing any personally identifiable information. However, if a data subject wants to use special services of our company via our website, processing of personally identifiable information could become necessary. If the processing of personally identifiable information is necessary and there is no legal basis for such processing, we will always ask for the data subject’s consent.
The processing of personally identifiable information, such as name, address, e-mail address, or telephone number of a data subject shall always be in line with the GDPR and the country-specific data protection provisions applicable to the Konferenzhotel Schlaining GmbH. By means of this privacy statement, our company would like to inform the public about the nature, scope and purpose of the personally identifiable information we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy statement.
As the controlling entity, the Konferenzhotel Schlaining GmbH has implemented numerous technological and organisational measures to ensure the most complete protection of personally identifiable information processed through this website. Nevertheless, Internet-based data transmission is always exposed to possible security threats, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to submit personally identifiable information to us by alternative means, for example by telephone.

1. Definitions

The privacy statement of the Konferenzhotel Schlaining GmbH is based on the terms used by the European Data Protection Supervisor when issuing the Data Protection Regulation. Our privacy statement is intended to be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this privacy statement:

a) Personally identifiable information

Personally identifiable information is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject is any identified or identifiable natural person whose personally identifiable information is processed by the controller.

c) Processing

Processing is any operation or set of operations which is performed upon personally identifiable information, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personally identifiable information with the aim of limiting their future processing.

e) Pseudonymisation

Pseudonymisation is the processing of personally identifiable information in such a way that the personally identifiable information can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technological and organisational measures to ensure that the personally identifiable information is not attributed to an identified or identifiable natural person.

g) Controller or person responsible for processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personally identifiable information. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her designation may be provided for under Union or Member State law.

g) Processor

Processor is any natural or legal person, public authority, agency or other body which processes personally identifiable information on behalf of the controller.

h) Recipient

Recipient is a natural or legal person, public authority, agency or other body to whom personally identifiable information is disclosed, whether or not a third party. However, authorities that may receive personally identifiable information in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.

i) Third party

Third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personally identifiable information under the direct responsibility of the controller or the processor.

j) Consent

Consent is any freely given specific and informed indication of the data subject’s wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to the processing of personally identifiable information relating to him or her.

Name and address of the controller

Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Konferenzhotel Schlaining GmbH
Klingergasse 2-4
A-7461 Stadtschlaining

Phone: 0043 3355 2600-0
Fax: 0043 3355 2622-16
Email: zeit@burghotel-schlaining.at
Website: www.burghotel-schlaining.at

Group Data Protection Officer
Horst Lesacher, LL.M.
T: +43 5 9010 8018
datenschutz@landesholding-burgenland.at

3. Collection of general data and information

The website of the Konferenzhotel Schlaining GmbH collects a number of general data and information whenever a data subject or automated system accesses the website. This general data and information is stored in the server’s log files. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert risks in the event of attacks on our information technology systems.
When using this general data and information, the Konferenzhotel Schlaining GmbH does not draw any conclusions about the data subject. This information is rather required in order to (1) correctly deliver the contents of our website, (2) optimise the content of our website as well as the advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website as well as (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. The Konferenzhotel Schlaining GmbH therefore collects anonymous data and information on the one hand for statistical purposes, and on the other for the purpose of increasing the privacy and data security of our company so that we can ultimately ensure an optimal level of protection for the personally identifiable information we process. The anonymous data of the server log files are stored separately from any personally identifiable information provided by a data subject.

4. Data collection for general contact requests

If you contact us via the contact form on our website or by email, the information you provide will be stored by us for six months for the purpose of processing your request and in the event of follow-up questions. We will not share this information without your consent.

5. Cookies

Our website uses so-called cookies. These are small text files that are stored on your device using the browser. They’re not doing any damage. We use cookies to make our offer user-friendly. Some cookies remain stored on your device until you delete them. They enable us to recognise your browser the next time you visit us.
If you do not wish this, you can set up your browser so that it informs you about the use of cookies and you only allow this in individual cases.
Disabling cookies may limit the functionality of our website.

6. Web Analysis

Our website uses features of Google Analytics, the web analysis service of Google Inc. (Google). We use cookies are for this purpose, which enable us to analyse how users use the website. The information generated by this is sent to Google and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process this information on Google’s behalf. Google will under no circumstances associate your IP address with other Google Inc. data.
You may refuse the installation of cookies by selecting the appropriate settings in your browser, however please note that if you do this you may not be able to use the full functionality of this website.

7. Newsletter

You have the opportunity to subscribe to our newsletter via our website. For this we need your first name, last name and email address as well as your consent to receive the newsletter. Once you have registered for the newsletter, we will send you a confirmation email with a link to confirm your registration. You can cancel your newsletter subscription at any time. Your information in connection with sending the newsletter will then be automatically deleted.

8. Routine deletion and blocking of personally identifiable information

The controller shall process and store personally identifiable information of the data subject only for the time necessary to achieve the purpose of storage or where provided for by the European Data Protection Supervisor or other legislator in laws or regulations to which the controller is subject.
If the purpose of storage no longer applies or if a storage period prescribed by the European Data Protection Supervisor or any other competent legislator expires, the personally identifiable information will be routinely blocked or deleted in accordance with the legal provisions.

9. Data subject rights

a) Right to confirmation

If you have an account on this website or have posted comments, you may request an export of your personally identifiable information from us, including any information you have provided to us. Furthermore, you can request the deletion of all personally identifiable information that we have stored about you. This does not include information that we are required to retain due to administrative, legal or security needs.

b) Right to be informed

Any person concerned by the processing of personally identifiable information shall have the right granted by the European Data Protection Supervisor to obtain at any time from the controller, free of charge, access to and a copy of the personally identifiable information relating to him or her which has been stored. Furthermore, the European Data Protection Supervisor grants the data subject access to the following information:

  • The purposes of processing
  • The categories of personally identifiable information that is processed
  • The recipients or categories of recipients to whom the personally identifiable information has been or will be disclosed, in particular in the case of recipients in third countries or international organisations
  • If possible, the planned period for which personally identifiable information is stored, or, if this is not possible, the criteria for determining that period of time
  • The existence of a right to rectification or erasure of personally identifiable information concerning them or to obtain the restriction of processing by the controller or a right to object to such processing
  • The existence of a right of complaint to a supervisory authority
  • If the personally identifiable information is not collected from the data subject: All available information on the origin of the data
  • The existence of automated processing according to Article 22 Paragraph 1 and 4 GDPR and—at least in these cases—meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, the data subject has a right of access to whether personally identifiable information has been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right to be informed, he or she may, at any time, contact any employee of the controller.

c) Right to rectification

Any person concerned by the processing of personally identifiable information shall have the right granted by the European Data Protection Supervisor to request the immediate rectification of any inaccurate personally identifiable concerning them. Furthermore, the data subject shall have the right, taking into account the purposes of the processing, to request the completion of incomplete personally identifiable information—including by means of a supplementary declaration.
If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

en.

d) Right to erasure (Right to be forgotten)

Any person concerned by the processing of personally identifiable information shall have the right granted by the European Data Protection Supervisor to obtain from the controller the erasure without delay of personally identifiable information concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:

  • The personally identifiable information has been collected or otherwise processed for purposes for which it is no longer necessary.
  • The data subject revokes the consent on which the processing was based pursuant to Article 6 Paragraph 1(a) of the GDPR or Article 9 Paragraph 2(a) of the GDPR and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Article 21 Paragraph 1 of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 Paragraph 2 of the GDPR.
  • The personally identifiable information has been processed unlawfully.
  • The deletion of the personally identifiable informationis necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personally identifiable information was collected in relation to the offer of information society services pursuant to Article 8 Paragraph 1 of the GDPR.

Sofern einer der oben genannten Gründe zutrifft und eine betroffene Person die Löschung von personenbezogenen Daten, die bei der Konferenzhotel Schlaining GmbH gespeichert If one of the aforementioned reasons applies, and a data subject wishes to arrange for the deletion of personally identifiable information stored by the Konferenzhotel Schlaining GmbH, he or she may, at any time, contact any employee of the controller. The employee of the Konferenzhotel Schlaining GmbH will arrange for the deletion request to be complied with immediately.

If the personally identifiable information was made public by the Konferenzhotel Schlaining GmbH and our company as the controller is obliged to delete the personally identifiable information pursuant to Article 17 Paragraph 1 GDPR to erase the personal data, the Konferenzhotel Schlaining GmbH shall, taking into account the available technology and the cost of implementation, implement reasonable measures, including technological measures, to inform other data controllers which process the published personally identifiable information, that the data subject has requested from those other data controllers to erase all links to or copies or replications of the personally identifiable information, unless the processing is necessary. The employee of the Konferenzhotel Schlaining GmbH will arrange for the necessary steps to be taken in individual cases.

e) Right to restriction of processing

Any person concerned by the processing of personally identifiable information shall have the right granted by the European General Data Protection Regulation to obtain from the controller to restrict processing where one of the following grounds applies:

  • The accuracy of the personally identifiable information is contested by the data subject for a period enabling the controller to verify the accuracy of the personally identifiable information.
  • The processing is unlawful, the data subject objects to the erasure of the personally identifiable information and requests instead the restriction of the use of the personally identifiable information.
  • The controller no longer needs the personally identifiable information for the purposes of processing, but the data subject needs it for asserting, exercising or defending of legal claims.
  • The data subject has objected to the processing pursuant to Article 21 Paragraph 1 of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned reasons applies, and a data subject wishes to arrange for the restriction of personally identifiable information stored by the Konferenzhotel Schlaining GmbH, he or she may, at any time, contact any employee of the controller. The employee of the Konferenzhotel Schlaining GmbH will arrange the restriction of processing.

f) Right to data portability

Any person concerned by the processing of personally identifiable information shall have the right granted by the European General Data Protection Regulation to receive the personally identifiable information concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He/she shall also have the right to transmit such data to another controller without hindrance from the controller to whom the personally identifiable information has been provided, provided that the processing is based on consent pursuant to Article 6 Paragraph 1(a) of the GDPR or Article 9 Paragraph 2(a) of the GDPR or on a contract pursuant to Article 6 Paragraph 1(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising his or her right to data portability pursuant to Article 20 Paragraph 1 of the GDPR, the data subject shall have the right to obtain that the personally identifiable information be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
In order to assert the right to data portability, the data subject may at any time contact any employee of the Konferenzhotel Schlaining GmbH.

g) Right to withdraw consent

Any person affected by the processing of personally identifiable information shall have the right granted by the European Data Protection Supervisor to object at any time, on grounds relating to his or her particular situation, to the processing of personally identifiable information concerning him or her which is carried out on the basis of Article 6 Paragraph 1(e) or (f) of the GDPR.

The Konferenzhotel Schlaining GmbH shall no longer process the personally identifiable information in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.

If the Konferenzhotel Schlaining GmbH processes personally identifiable information for the purpose of direct marketing, the data subject shall have the right to object at any time to processing of personally identifiable information for such marketing. If the data subject objects to the Konferenzhotel Schlaining GmbH to the processing for direct marketing purposes, the Konferenzhotel Schlaining GmbH will no longer process the personally identifiable information for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personally identifiable information concerning him or her which is carried out by the Konferenzhotel Schlaining GmbH for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 Paragraph 1 of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

In order to assert the right to withdraw consent, the data subject may at any time contact any employee of the Konferenzhotel Schlaining GmbH. The data subject shall also be free to exercise his or her right to object by means of automated procedures using technical specifications in the context of the use of information society services, notwithstanding Directive 2002/58/EC.

h) Right to revoke consent under the GDPR

Any person concerned by the processing of personally identifiable information shall have the right granted by the European Data Protection Supervisor to revoke consent to the processing of personally identifiable information at any time.

If a data subject wishes to exercise this right to revoke consent, he or she may, at any time, contact any employee of the controller.

10. Legal basis of processing

Art. 6 I lit. a DS-GVO dient unserem Unternehmen als Rechtsgrundlage für Verarbeitungsvorgänge, bei denen wir eine Einwilligung für einen bestimmten Verarbeitungszweck einholen. Ist die Verarbeitung personenbezogener Daten zur Erfüllung eines Vertrags, dessen Vertragspartei die betroffene Person ist, erforderlich, wie dies beispielsweise bei VeArticle 6 Paragraph 1(a) of the GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personally identifiable information is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 Paragraph 1(a) of the GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of requests for our products or services. If our company is subject to a legal obligation by which the processing of personally identifiable information becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Article 6 Paragraph 1(c) of the GDPR. In rare cases, the processing of personally identifiable information might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance details or other vital information needed to be passed on to a doctor, hospital or other third party. Then processing would be based on Article 6 Paragraph 1(d) of the GDPR. Finally, processing operations could be based on Article 6 Paragraph 1(f) of the GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, this body took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Article 47 Paragraph 2 of the GDPR).

11. Legitimate interests in the processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 Paragraph 1(f) of the GDPR., our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.

12. Period for which personally identifiable information is stored

The criterion for the period of storage of personally identifiable information is the respective legal retention period. After expiry of the period, the corresponding information is routinely deleted if it is no longer required for the fulfilment or initiation of the contract.

13. Gesetzliche oder vertragliche Vorschriften zur Bereitstellung der personenbezogenen Daten; Erforderlichkeit für den Vertragsabschluss; Verpflichtung der betroffenen PLegal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personally identifiable information; possible consequences of non-provision

We would like to inform you that the provision of personally identifiable information is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personally identifiable information which must subsequently be processed by us. For example, the data subject is obliged to provide us with personally identifiable information if our company concludes a contract with him or her. Non-provision of the personally identifiable information would mean that the contract with the data subject could not be concluded. Before a data subject provides personally identifiable information, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personally identifiable information is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personally identifiable information and what the consequences of not providing the personally identifiable information would be.

14. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

15. Privacy notices in the application procedure

Please refer to the document “Datenschutz für Bewerber” (in German language).
Info sheet DATENSCHUTZ FÜR BEWERBER (PDF 116 KB)

Burgenland